Date: Wed, 7 Aug 2013 21:16:02 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com, kseifried@...hat.com
Cc: Vincent Danen <vdanen@...hat.com>
Subject: Re: CVE request: SQL injection and shell escaping issues in Cacti < 0.8.8b

Hi Kurt, hi Vincent,

On Wed, Aug 07, 2013 at 11:18:53AM -0600, Kurt Seifried wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 08/07/2013 10:06 AM, Vincent Danen wrote:
> > Cacti 0.8.8b was released today [1] with a changelog that notes:
> > 
> > Cacti 0.8.8b Change Log [...] * security: SQL injection and shell
> > escaping issues
> > 
> > It looks like the SQL injection issue is in api_poller.php and 
> > utility.php [2]
> > 
> > I think there are two shell escaping issues:
> > 
> > 1) snmp.php: Use escapeshellarg() instead of custom escape function
> >    for snmp library [3]
> > 2) rrd.php: Properly escape all user input for consumption by
> >    rrdtool [4]
> > 
> > 
> > [1] http://sourceforge.net/mailarchive/message.php?msg_id=31258868
> > [2] http://svn.cacti.net/viewvc?view=rev&revision=7394
> > [3] http://svn.cacti.net/viewvc?view=rev&revision=7392
> > [4] http://svn.cacti.net/viewvc?view=rev&revision=7393
> > 
> > 
> > Looks like 3 CVEs are needed.
> > 
> 
> JUST FYI vdanen/myself were emailed off list about some CVE's that may
> have already been assigned to this. Just waiting on that info before
> proceeding.

The Debian Security Team had assigned the following CVEs:

CVE-2013-1434: for the SQL injection issues, fixed by
http://svn.cacti.net/viewvc?view=rev&revision=7394

CVE-2013-1435: for the shell escaping issues, fixed by
http://svn.cacti.net/viewvc?view=rev&revision=7392 and
http://svn.cacti.net/viewvc?view=rev&revision=7393

Regards,
Salvatore
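The snmp.php fix quoted above is described as replacing a custom escape function with escapeshellarg(). The following is an added illustration of that pattern, not Cacti's own code: a hypothetical helper that assembles an snmpget command line with every user-influenced value passed through escapeshellarg(). The function name, the option set and the sample values are assumptions for the example.

```php
<?php
// Added example, not code from Cacti. Shows the hardened pattern the 0.8.8b
// snmp.php change is described as adopting: every externally influenced
// argument goes through escapeshellarg() before it is concatenated into a
// command line.

function build_snmpget_command(string $host, string $community, string $oid, int $version = 2): string
{
    // Hypothetical helper; Cacti's real snmp.php handles many more options.
    $versionFlag = ($version === 1) ? '1' : '2c';

    // escapeshellarg() wraps the value in single quotes and escapes any
    // embedded single quote, so characters the shell would otherwise treat
    // specially (spaces, semicolons, backticks, $) are passed literally.
    return 'snmpget -O fntev'
        . ' -v ' . escapeshellarg($versionFlag)
        . ' -c ' . escapeshellarg($community)
        . ' ' . escapeshellarg($host)
        . ' ' . escapeshellarg($oid);
}

// Sanity check a defender can keep as a unit test: the assembled command must
// consist of the fixed prefix followed only by single-quoted arguments.
function command_is_fully_quoted(string $cmd): bool
{
    $prefix = 'snmpget -O fntev';
    if (strncmp($cmd, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    $rest = substr($cmd, strlen($prefix));
    // Each remaining token is either a bare option flag or a single-quoted
    // string produced by escapeshellarg(); nothing else is permitted.
    return (bool) preg_match("/^(?: -[a-zA-Z]+| '(?:[^']|'\\\\'')*')*$/", $rest);
}

// Constructed sample values: the community string deliberately contains a
// quote, a space and a semicolon, which must survive as literal characters.
$cmd = build_snmpget_command('192.0.2.10', "pub'lic; x", '.1.3.6.1.2.1.1.5.0');
echo $cmd, PHP_EOL;
echo command_is_fully_quoted($cmd) ? "all arguments quoted\n" : "UNQUOTED INPUT REACHED THE SHELL\n";
```

escapeshellarg() quoting is platform dependent: on Windows PHP uses double quotes and replaces embedded quotes and percent signs, so the regular expression in the check above only fits the POSIX form. The underlying point stands either way: every value that reaches the shell is quoted by a function whose behaviour is documented, rather than by an ad hoc filter of known-bad characters.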

