Mailinglist Archive: opensuse-bugs (8045 mails)

[Bug 231082] New: VUL-0: cacti command insertion
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Fri, 29 Dec 2006 07:32:00 -0700 (MST)
  • Message-id: <bug-231082-21960@xxxxxxxxxxxxxxxxxxxxxxxxx/>

https://bugzilla.novell.com/show_bug.cgi?id=231082

Summary: VUL-0: cacti command insertion
Product: SUSE Linux 10.1
Version: Final
Platform: Other
OS/Version: Other
Status: NEW
Severity: Major
Priority: P5 - None
Component: Network
AssignedTo: hmuelle@xxxxxxxxxx
ReportedBy: meissner@xxxxxxxxxx
QAContact: qa@xxxxxxx
CC: security-team@xxxxxxx


http://www.heise.de/newsticker/meldung/83037/from/rss09

http://secunia.com/advisories/23528

Description:
rgod has discovered three vulnerabilities in Cacti, which can be exploited by
malicious people to bypass certain security restrictions, manipulate data and
compromise vulnerable systems.

1) The cmd.php script does not properly restrict access to command line usage
and is installed in a web-accessible location.

Successful exploitation requires that "register_argc_argv" is enabled.

2) Input passed in the URL to cmd.php is not properly sanitised before being
used in SQL queries. This can be exploited to manipulate SQL queries by
injecting arbitrary SQL code.

Successful exploitation requires that "register_argc_argv" is enabled.

3) The results from the SQL queries in 2) in cmd.php are not properly
sanitised before being used as shell commands. This can be exploited to inject
arbitrary shell commands.

The vulnerabilities are confirmed in version 0.8.6i. Other versions may also
be affected.

Solution:
Move the "cmd.php" script to a not web-accessible path, and update other
scripts accordingly.

Edit the source code to ensure that input is properly sanitised.


--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
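The three issues in the advisory chain together: a CLI helper reachable over HTTP, query-string arguments landing in $argv because of register_argc_argv, those arguments concatenated into SQL, and the SQL results then interpolated into shell commands. The following PHP is an added illustration of that pattern and of a hardened equivalent; it is not Cacti's cmd.php and is not the fix the project shipped. The table name `host`, its columns, the `ping` command and the database credentials are assumptions made for the example.

```php
<?php
// Added example, not Cacti code. Shows the vulnerable pattern described in the
// advisory for a poller script like cmd.php, and a hardened version.
// Assumptions (not from the advisory): a MySQL table `host` (id INT,
// hostname VARCHAR) and a poller that runs one external command per host.

// ---- Vulnerable pattern -----------------------------------------------------
// 1) No check that the script runs from the command line. Placed under the
//    web root with register_argc_argv=On, a request like cmd.php?5?10 makes
//    PHP fill $argv from the query string, so $argv[1] and $argv[2] are
//    attacker controlled.
function poll_hosts_vulnerable(mysqli $db, array $argv): array {
    $first = $argv[1];
    $last  = $argv[2];
    // 2) Raw $argv values concatenated into SQL text: SQL injection.
    $sql = "SELECT id, hostname FROM host WHERE id >= $first AND id <= $last";
    $out = [];
    foreach ($db->query($sql) as $row) {
        // 3) A value read back from the database is dropped into a shell
        //    command unquoted. With a UNION injected in step 2, `hostname`
        //    can be any string, e.g. "x; id", which the shell then executes.
        $out[] = shell_exec("/usr/bin/ping -c 1 {$row['hostname']}");
    }
    return $out;
}

// ---- Hardened pattern -------------------------------------------------------
function poll_hosts_hardened(mysqli $db, array $argv): array {
    // 1) Refuse to run under any SAPI other than the CLI. This is defence in
    //    depth on top of the advisory's advice to move the script out of the
    //    web-accessible path: a copy left under the web root still does
    //    nothing when fetched over HTTP, whatever register_argc_argv is set to.
    if (PHP_SAPI !== 'cli') {
        http_response_code(403);
        exit("cmd.php must be run from the command line\n");
    }
    // 2) Validate the arguments before they get anywhere near SQL: the range
    //    bounds must be plain decimal integers.
    if (!isset($argv[1], $argv[2]) || !ctype_digit($argv[1]) || !ctype_digit($argv[2])) {
        fwrite(STDERR, "usage: cmd.php <first_id> <last_id>\n");
        exit(1);
    }
    $first = (int)$argv[1];
    $last  = (int)$argv[2];
    // Parameterised query: the bounds are bound as integers and never become
    // part of the SQL text.
    $stmt = $db->prepare("SELECT id, hostname FROM host WHERE id >= ? AND id <= ?");
    $stmt->bind_param("ii", $first, $last);
    $stmt->execute();
    $stmt->bind_result($id, $hostname);
    $out = [];
    while ($stmt->fetch()) {
        // 3) Treat database content as untrusted as well: accept only
        //    hostname characters, and pass the value as one quoted argument so
        //    the shell cannot interpret it even if the allow-list were relaxed.
        if (!preg_match('/^[A-Za-z0-9.-]{1,253}$/', $hostname)) {
            fwrite(STDERR, "skipping host $id: hostname rejected\n");
            continue;
        }
        $out[] = shell_exec("/usr/bin/ping -c 1 " . escapeshellarg($hostname));
    }
    $stmt->close();
    return $out;
}

// Entry point for the hardened poller. Credentials are placeholders for the
// example; a real deployment reads them from a config file outside the web root.
if (PHP_SAPI === 'cli' && isset($argv[1], $argv[2])) {
    $db = new mysqli('localhost', 'cacti', 'secret', 'cacti');
    foreach (poll_hosts_hardened($db, $argv) as $line) {
        echo $line;
    }
}
```

Setting register_argc_argv = Off for the web SAPI removes the entry point the advisory relies on, but it does not remove the injection bugs in steps 2 and 3; any other path that feeds attacker data into the same query would reach the same shell_exec. Moving the script out of the document root, refusing non-CLI execution, and fixing the SQL and shell construction are independent controls, and the hardened version above applies all three.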
