commit cacti
  • From: root@xxxxxxxxxxxxxxx (h_root)
  • Date: Tue, 09 Jan 2007 17:41:24 +0100
  • Message-id: <20070109164125.21C2D678165@xxxxxxxxxxxxxxx>

Hello community,

here is the log from the commit of package cacti
checked in at Tue Jan 9 17:41:24 CET 2007.

--------
--- cacti/cacti.changes 2006-03-17 11:37:29.000000000 +0100
+++ /mounts/work_src_done/NOARCH/cacti/cacti.changes 2007-01-09 16:12:40.000000000 +0100
@@ -1,0 +2,5 @@
+Tue Jan 9 16:12:03 CET 2007 - prusnak@xxxxxxx
+
+- fixed CVE-2006-6799 [#231082]
+
+-------------------------------------------------------------------

Old:
----
path_fix.patch

New:
----
cacti-0.8.6h-CVE-2006-6799.patch
cacti-0.8.6h-path_fix.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ cacti.spec ++++++
--- /var/tmp/diff_new_pack.Sf1664/_old 2007-01-09 17:40:40.000000000 +0100
+++ /var/tmp/diff_new_pack.Sf1664/_new 2007-01-09 17:40:40.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package cacti (Version 0.8.6h)
#
-# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
@@ -12,16 +12,17 @@
Name: cacti
BuildRequires: apache2-devel libapr-util1-devel pcre-devel
Version: 0.8.6h
-Release: 8
+Release: 41
Summary: Web Front-End to Monitor System Data via RRDtool
-License: GPL
+License: GNU General Public License (GPL)
Group: System/Monitoring
URL: http://www.cacti.net/
Source0: %{name}-%{version}.tar.bz2
-Source1: cacti.cron
-Source2: cacti-httpd.conf
-Source3: cacti.logrotate
-Patch: path_fix.patch
+Source1: %{name}.cron
+Source2: %{name}-httpd.conf
+Source3: %{name}.logrotate
+Patch: %{name}-%{version}-path_fix.patch
+Patch1: %{name}-%{version}-CVE-2006-6799.patch
Requires: http_daemon net-snmp rrdtool php mod_php_any
Requires: php-snmp php-mysql php-session
BuildArch: noarch
@@ -49,6 +50,7 @@
%prep
%setup -q
%patch
+%patch1

%build

@@ -95,6 +97,8 @@
%config(noreplace) /etc/logrotate.d/%{name}

%changelog -n cacti
+* Tue Jan 09 2007 - prusnak@xxxxxxx
+- fixed CVE-2006-6799 [#231082]
* Fri Mar 17 2006 - stark@xxxxxxx
- fix path settings
* Wed Jan 25 2006 - mls@xxxxxxx

++++++ cacti-0.8.6h-CVE-2006-6799.patch ++++++
--- include/html/inc_timespan_settings.php
+++ include/html/inc_timespan_settings.php
@@ -24,6 +24,20 @@
+-------------------------------------------------------------------------+
*/

+/* ================= input validation ================= */
+input_validate_input_number(get_request_var_request("predefined_timespan"));
+/* ==================================================== */
+
+/* clean up date1 string */
+if (isset($_REQUEST["date1"])) {
+ $_REQUEST["date1"] = sanitize_search_string(get_request_var("date1"));
+}
+
+/* clean up date2 string */
+if (isset($_REQUEST["date2"])) {
+ $_REQUEST["date2"] = sanitize_search_string(get_request_var("date2"));
+}
+
/* initialize the timespan array */
$timespan = array();
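Review bot: The two new isset blocks rewrite only `$_REQUEST["date1"]` and `$_REQUEST["date2"]`, so any code further down that reads the same keys from `$_GET` or `$_POST` directly still sees the raw value; only reads through get_request_var pick up the sanitized copy, and the consumers are not visible from this hunk. The first validation line calls `get_request_var_request("predefined_timespan")` while the two cleanups two lines later call `get_request_var(...)`; if both helpers exist one name should be used consistently, otherwise the first looks like a typo for the helper the other calls use. A one-line comment on the sanitized keys, `/* date1/date2 are only clean when read via get_request_var() */`, would keep later readers from bypassing the cleanup. This file's top-level code continues past the hunk.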

--- lib/api_device.php
+++ lib/api_device.php
@@ -65,7 +65,7 @@
}

$save["id"] = $id;
- $save["host_template_id"] = $host_template_id;
+ $save["host_template_id"] = form_input_validate($host_template_id, "host_template_id", "^[0-9]+$", false, 3);
$save["description"] = form_input_validate($description, "description", "", false, 3);
$save["hostname"] = form_input_validate($hostname, "hostname", "", false, 3);
$save["snmp_community"] = form_input_validate($snmp_community, "snmp_community", "", true, 3);
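Review bot: `$save["id"] = $id;` on the line just above the changed one is still stored without any check, while host_template_id now gets `^[0-9]+$`; if `$id` originates from request input it should get the same `form_input_validate($id, "id", "^[0-9]+$", false, 3)`, unless the caller already validates it, which is not visible here. description and hostname pass an empty pattern, so they are only checked for presence rather than content; that is pre-existing but worth noting next to the new numeric check. The enclosing function starts and ends outside the hunk.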
--- scripts/ss_host_cpu.php
+++ scripts/ss_host_cpu.php
@@ -1,8 +1,14 @@
<?php
+
+/* do NOT run this script through a web browser */
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR'])) {
+ die("<br><strong>This script is only meant to run at the command line.</strong>");
+}
+
$no_http_headers = true;

/* display No errors */
-error_reporting(E_ERROR);
+error_reporting(0);

include_once(dirname(__FILE__) . "/../lib/snmp.php");

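Review bot: The four-line browser guard added here is duplicated verbatim into ss_sql.php, sql.php, ss_host_disk.php, ss_fping.php, query_host_partitions.php, query_host_cpu.php, cmd.php, copy_cacti_user.php, the poller_*.php scripts, rebuild_poller_cache.php and script_server.php; a single shared include (e.g. a `cli_only_guard.php` beside lib/) would keep the check in one place so the next hardening of it does not require fourteen edits. The switch from `error_reporting(E_ERROR)` to `error_reporting(0)` is unrelated to the guard and deserves its own comment, presumably `/* suppress all diagnostics: stdout is parsed by the script server */` — confirm that is the reason, since it also hides fatal errors from the poller log. The `die()` text carries HTML markup for a script that by construction only runs at a terminal; plain text would read better on the console.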
--- scripts/ss_sql.php
+++ scripts/ss_sql.php
@@ -1,9 +1,14 @@
<?php

+/* do NOT run this script through a web browser */
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR'])) {
+ die("<br><strong>This script is only meant to run at the command line.</strong>");
+}
+
$no_http_headers = true;

/* display ALL errors */
-error_reporting(E_ALL);
+error_reporting(0);

if (!isset($called_by_script_server)) {
include_once(dirname(__FILE__) . "/../include/config.php");
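Review bot: The comment `/* display ALL errors */` above `error_reporting(0);` now states the opposite of what the code does; change it to `/* display No errors */` to match the sibling scripts, or drop it. Silencing every error in a script that then includes config.php and runs queries means a broken include or a failed database connection produces no diagnostic at all; if the intent is to keep stdout clean for the script server, say so in the comment rather than leaving a misleading one.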
--- scripts/sql.php
+++ scripts/sql.php
@@ -1,4 +1,9 @@
<?

+/* do NOT run this script through a web browser */
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR'])) {
+ die("<br><strong>This script is only meant to run at the command line.</strong>");
+}
+
$no_http_headers = true;
include(dirname(__FILE__) . "/../include/config.php");
--- scripts/ss_host_disk.php
+++ scripts/ss_host_disk.php
@@ -1,8 +1,14 @@
<?php
+
+/* do NOT run this script through a web browser */
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR'])) {
+ die("<br><strong>This script is only meant to run at the command line.</strong>");
+}
+
$no_http_headers = true;

/* display No errors */
-error_reporting(E_ERROR);
+error_reporting(0);

include_once(dirname(__FILE__) . "/../lib/snmp.php");

--- scripts/ss_fping.php
+++ scripts/ss_fping.php
@@ -1,11 +1,15 @@
<?php
#!/usr/bin/php -q

-//STANDARD SCRIPT SERVER HEADER!!!
+/* do NOT run this script through a web browser */
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR'])) {
+ die("<br><strong>This script is only meant to run at the command line.</strong>");
+}
+
$no_http_headers = true;

/* display No errors */
-error_reporting(E_ERROR);
+error_reporting(0);

include_once(dirname(__FILE__) . "/../include/config.php");
include_once(dirname(__FILE__) . "/../lib/snmp.php");
--- scripts/query_host_partitions.php
+++ scripts/query_host_partitions.php
@@ -1,4 +1,9 @@
<?php

+/* do NOT run this script through a web browser */
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR'])) {
+ die("<br><strong>This script is only meant to run at the command line.</strong>");
+}
+
$no_http_headers = true;
include(dirname(__FILE__) . "/../include/config.php");
--- scripts/query_host_cpu.php
+++ scripts/query_host_cpu.php
@@ -1,4 +1,9 @@
<?php

+/* do NOT run this script through a web browser */
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR'])) {
+ die("<br><strong>This script is only meant to run at the command line.</strong>");
+}
+
$no_http_headers = true;
include(dirname(__FILE__) . "/../include/config.php");
--- auth_login.php
+++ auth_login.php
@@ -36,7 +36,7 @@

if ($ldap_conn) {
$ldap_dn = str_replace("<username>",$_POST["login_username"],read_config_option("ldap_dn"));
- $ldap_response = @ldap_bind($ldap_conn,$ldap_dn,$_POST["login_password"]);
+ $ldap_response = @ldap_bind($ldap_conn,$ldap_dn,stripslashes($_POST["login_password"]));

if ($ldap_response) {
$ldap_auth = true;
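Review bot: `$ldap_dn` is built two lines above the change by substituting the raw `$_POST["login_username"]` into the configured DN template, with no escaping of DN-significant characters and, unlike the password, no `stripslashes()`, so under magic_quotes_gpc a username containing a quote or backslash is bound as a different DN than the user typed. Apply the same `stripslashes()` to the username and escape the DN special characters (comma, plus, quote, backslash, angle brackets, semicolon, equals, hash, leading/trailing space) before the substitution; ldap_escape() does not exist in this PHP generation, so a small helper is needed. Also consider rejecting an empty `login_password` before `ldap_bind`, because an empty password performs an anonymous bind on many directories and the `@` hides the warning; that check may already exist outside this hunk. The surrounding `if ($ldap_conn)` block continues past the hunk.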
--- cmd.php
+++ cmd.php
@@ -26,8 +26,8 @@
*/

/* do NOT run this script through a web browser */
-if (!isset($_SERVER["argv"][0])) {
- die("<br><strong>This script is only meant to run at the command line.</strong>");
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR'])) {
+ die("<br><strong>This script is only meant to run at the command line.</strong>");
}

$start = date("Y-n-d H:i:s"); // for runtime measurement
@@ -71,25 +73,32 @@
$print_data_to_stdout = false;
if ($_SERVER["argc"] == "3") {
if ($_SERVER["argv"][1] <= $_SERVER["argv"][2]) {
- $hosts = db_fetch_assoc("select * from host where (disabled = '' and " .
- "id >= " .
- $_SERVER["argv"][1] .
- " and id <= " .
- $_SERVER["argv"][2] . ") ORDER by id");
+
+ /* address potential exploits */
+ input_validate_input_number($_SERVER["argv"][1]);
+ input_validate_input_number($_SERVER["argv"][2]);
+
+ $hosts = db_fetch_assoc("
+ SELECT * FROM host
+ WHERE (disabled = ''
+ AND id >= " . $_SERVER["argv"][1] . "
+ AND id <= " . $_SERVER["argv"][2] . ")
+ ORDER by id");
$hosts = array_rekey($hosts,"id",$host_struc);
$host_count = sizeof($hosts);

- $polling_items = db_fetch_assoc("SELECT * from poller_item " .
- "WHERE (host_id >= " .
- $_SERVER["argv"][1] .
- " and host_id <= " .
- $_SERVER["argv"][2] . ") ORDER by host_id");
-
- $script_server_calls = db_fetch_cell("SELECT count(*) from poller_item " .
- "WHERE (action=2 AND (host_id >= " .
- $_SERVER["argv"][1] .
- " and host_id <= " .
- $_SERVER["argv"][2] . "))");
+ $polling_items = db_fetch_assoc("
+ SELECT * from poller_item
+ WHERE (host_id >= " . $_SERVER["argv"][1] . "
+ AND host_id <= " . $_SERVER["argv"][2] . ")
+ ORDER by host_id");
+
+ $script_server_calls = db_fetch_cell("
+ SELECT count(*)
+ FROM poller_item
+ WHERE (action=2
+ AND (host_id >= " . $_SERVER["argv"][1] . "
+ AND host_id <= " . $_SERVER["argv"][2] . "))");
}else{
print "ERROR: Invalid Arguments. The first argument must be less than or equal to the first.\n";
print "USAGE: CMD.PHP [[first_host] [second_host]]\n";
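Review bot: The two `input_validate_input_number()` calls run only after `$_SERVER["argv"][1] <= $_SERVER["argv"][2]` has already been evaluated on the raw strings, and only inside that `if` branch; moving the two calls above the comparison validates both arguments on every path, including the one that prints the usage message. The values are still concatenated into the three SQL strings, so the validator is the only barrier; a comment such as `/* argv[1]/argv[2] are interpolated into SQL below; keep them validated as integers */` records that dependency for the next editor. The pre-existing usage text `must be less than or equal to the first` should read `the second`.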
--- copy_cacti_user.php
+++ copy_cacti_user.php
@@ -25,9 +25,10 @@
*/

/* do NOT run this script through a web browser */
-if (! isset($_SERVER["argv"][0])) {
- die("This script is only meant to run at the command line.\n");
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR'])) {
+ die("<br><strong>This script is only meant to run at the command line.</strong>");
}
+
if (empty($_SERVER["argv"][2])) {
die("\nSyntax:\n php copy_cacti_user.php <template user> <new user>\n\n");
}
--- poller.php
+++ poller.php
@@ -26,8 +26,8 @@
*/

/* do NOT run this script through a web browser */
-if (!isset($_SERVER["argv"][0])) {
- die("<br><strong>This script is only meant to run at the command line.</strong>");
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR'])) {
+ die("<br><strong>This script is only meant to run at the command line.</strong>");
}

/* We are not talking to the browser */
--- poller_commands.php
+++ poller_commands.php
@@ -27,8 +27,8 @@
define("MAX_RECACHE_RUNTIME", 296);

/* do NOT run this script through a web browser */
-if (!isset($_SERVER["argv"][0])) {
- die("<br><strong>This script is only meant to run at the command line.</strong>");
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR'])) {
+ die("<br><strong>This script is only meant to run at the command line.</strong>");
}

/* We are not talking to the browser */
--- poller_export.php
+++ poller_export.php
@@ -25,8 +25,8 @@
*/

/* do NOT run this script through a web browser */
-if (!isset($_SERVER["argv"][0])) {
- die("<br><strong>This script is only meant to run at the command line.</strong>");
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR'])) {
+ die("<br><strong>This script is only meant to run at the command line.</strong>");
}

/* We are not talking to the browser */
--- poller_reindex_hosts.php
+++ poller_reindex_hosts.php
@@ -25,8 +25,8 @@
*/

/* do NOT run this script through a web browser */
-if (!isset($_SERVER["argv"][0])) {
- die("<br><strong>This script is only meant to run at the command line.</strong>");
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR'])) {
+ die("<br><strong>This script is only meant to run at the command line.</strong>");
}

ini_set("max_execution_time", "0");
--- rebuild_poller_cache.php
+++ rebuild_poller_cache.php
@@ -25,8 +25,8 @@
*/

/* do NOT run this script through a web browser */
-if (!isset($_SERVER["argv"][0])) {
- die("<br><strong>This script is only meant to run at the command line.</strong>");
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR'])) {
+ die("<br><strong>This script is only meant to run at the command line.</strong>");
}

$no_http_headers = true;
--- script_server.php
+++ script_server.php
@@ -1,3 +1,4 @@
+#!/usr/bin/php -q
<?php
/*
+-------------------------------------------------------------------------+
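Review bot: The new shebang sits before `<?php`, which the php CLI skips for the main script, but if script_server.php is ever included from another file that first line may be emitted as output in this PHP generation; meanwhile ss_fping.php carries the same `#!/usr/bin/php -q` after `<?php`, where it is merely a comment and has no effect as a shebang. Pick one convention: a real shebang before the open tag only for files that are executed directly and marked executable by the package, and none for files that are only included. A short comment, `// executed directly by cron/poller; keep the shebang on line 1`, would make the intent clear.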
@@ -27,7 +28,6 @@

/* do NOT run this script through a web browser */
-if (!isset($_SERVER["argv"][0])) {
- die("<br><strong>This script is only meant to run at the command line.</strong>");
- exit(-1);
+if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR'])) {
+ die("<br><strong>This script is only meant to run at the command line.</strong>");
}

--- tree.php
+++ tree.php
@@ -380,6 +380,11 @@
input_validate_input_number(get_request_var("id"));
/* ==================================================== */

+ /* clean up subaction */
+ if (isset($_REQUEST["subaction"])) {
+ $_REQUEST["subaction"] = sanitize_search_string(get_request_var("subaction"));
+ }
+
if (!empty($_GET["id"])) {
$tree = db_fetch_row("select * from graph_tree where id=" . $_GET["id"]);
$header_label = "[edit: " . $tree["name"] . "]";
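Review bot: The id check at the top of the hunk validates `get_request_var("id")`, i.e. `$_REQUEST["id"]`, while the query below concatenates `$_GET["id"]` into SQL; when a request carries id in both the query string and the POST body, `$_REQUEST` holds the POST value under the default variables_order, so the validated value and the one reaching the database can differ. Read the same source in both places, e.g. `$tree = db_fetch_row("select * from graph_tree where id=" . get_request_var("id"));`, or validate `$_GET["id"]` explicitly. The new subaction cleanup has the same `$_REQUEST`-only shape, which is fine as long as downstream code reads it through get_request_var. The enclosing function starts and ends outside the hunk.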
++++++ cacti-0.8.6h-path_fix.patch ++++++
--- include/config_settings.php
+++ include/config_settings.php
@@ -98,7 +98,7 @@
"friendly_name" => "Cacti Log File Path",
"description" => "The path to your Cacti log file (if blank, defaults to <path_cacti>/log/cacti.log)",
"method" => "textbox",
- "default" => $config["base_path"] . "/log/cacti.log",
+ "default" => "/var/log/cacti/cacti.log",
"max_length" => "255"
),
"pollerpaths_header" => array(
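Review bot: The description text on the line above the change still says the log file `defaults to <path_cacti>/log/cacti.log`, which is no longer true once the default becomes `/var/log/cacti/cacti.log`; update it to `"description" => "The path to your Cacti log file (if blank, defaults to /var/log/cacti/cacti.log)",`. The same literal is now repeated in install/index.php, lib/functions.php and utilities.php; defining it once (e.g. a `$config["log_path"]` entry next to base_path in include/config.php) would let the packaging path change in one place. The enclosing array literal begins and ends outside the hunk.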
--- install/index.php
+++ install/index.php
@@ -246,7 +246,7 @@
if (config_value_exists("path_cactilog")) {
$input["path_cactilog"]["default"] = read_config_option("path_cactilog");
} else {
- $input["path_cactilog"]["default"] = $config["base_path"] . "/log/cacti.log";
+ $input["path_cactilog"]["default"] = "/var/log/cacti/cacti.log";
}

/* SNMP Version */
--- lib/functions.php
+++ lib/functions.php
@@ -324,7 +324,7 @@
/* Log to Logfile */
if ((($logdestination == 1) || ($logdestination == 2)) && (read_config_option("log_verbosity") != POLLER_VERBOSITY_NONE)) {
if ($logfile == "") {
- $logfile = $config["base_path"] . "/log/cacti.log";
+ $logfile = "/var/log/cacti/cacti.log";
}

/* echo the data to the log (append) */
@@ -767,7 +767,7 @@

/* whether to show the "actual" path or the <path_rra> variable name (for edit boxes) */
if ($expand_paths == true) {
- $data_source_path = str_replace("<path_rra>", $config["base_path"] . "/rra", $data_source_path);
+ $data_source_path = str_replace("<path_rra>", "/var/lib/cacti", $data_source_path);
}

return $data_source_path;
--- script_server.pl
+++ script_server.pl
@@ -1,4 +1,4 @@
-chdir("./scripts");
+chdir("/usr/share/cacti/scripts");
$loaded = 0;
while ($file = <*.pl>) {
next if $file eq $0;
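Review bot: `chdir("/usr/share/cacti/scripts")` is called without checking its return, so if the directory is missing or unreadable the glob `<*.pl>` on the following line silently loads whatever `.pl` files happen to be in the caller's working directory; write `chdir("/usr/share/cacti/scripts") or die "chdir /usr/share/cacti/scripts: $!";`. The file also lacks `use strict; use warnings;` and assigns the package global `$loaded`, but those are pre-existing. The while loop continues past the hunk.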
--- utilities.php
+++ utilities.php
@@ -106,7 +106,7 @@
$logfile = read_config_option("path_cactilog");

if ($logfile == "") {
- $logfile = "./log/rrd.log";
+ $logfile = "/var/log/cacti/rrd.log";
}

/* helps determine output color */
@@ -192,7 +192,7 @@
$logfile = read_config_option("path_cactilog");

if ($logfile == "") {
- $logfile = "./log/cacti.log";
+ $logfile = "/var/log/cacti/cacti.log";
}

html_start_box("<strong>Clear Cacti Log File</strong>", "98%", $colors["header"], "1", "center", "");




++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...

