Date: Wed, 7 Aug 2013 21:16:02 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com, kseifried@...hat.com
Cc: Vincent Danen <vdanen@...hat.com>
Subject: Re: CVE request: SQL injection and shell escaping issues in Cacti < 0.8.8b

Hi Kurt, hi Vincent,

On Wed, Aug 07, 2013 at 11:18:53AM -0600, Kurt Seifried wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 08/07/2013 10:06 AM, Vincent Danen wrote:
> > Cacti 0.8.8b was released today with a changelog that notes:
> > 
> > Cacti 0.8.8b Change Log [...] * security: SQL injection and shell
> > escaping issues
> > 
> > It looks like the SQL injection issue is in api_poller.php and
> > utility.php
> > 
> > I think there are two shell escaping issues:
> > 
> > 1) snmp.php: Use escapeshellarg() instead of custom escape function
> > for snmp library
> > 2) rrd.php: Properly escape all user input for consumption by rrdtool
> > 
> > http://sourceforge.net/mailarchive/message.php?msg_id=31258868
> > http://svn.cacti.net/viewvc?view=rev&revision=7394
> > http://svn.cacti.net/viewvc?view=rev&revision=7392
> > http://svn.cacti.net/viewvc?view=rev&revision=7393
> > 
> > Looks like 3 CVEs are needed.
> 
> JUST FYI vdanen/myself were emailed off list about some CVEs that may
> have already been assigned to this. Just waiting on that info before
> proceeding.

The Debian Security Team had assigned the following CVEs:

CVE-2013-1434: for the SQL injection issues, fixed by
http://svn.cacti.net/viewvc?view=rev&revision=7394

CVE-2013-1435: for the shell escaping issues, fixed by
http://svn.cacti.net/viewvc?view=rev&revision=7392 and
http://svn.cacti.net/viewvc?view=rev&revision=7393

Regards,
Salvatore

Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)
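As an added illustration of the two shell-escaping items quoted above (example code written for this page, not Cacti's own; naive_escape() is a hypothetical stand-in for the kind of hand-rolled escaper that gets replaced, and the snmpget/rrdtool command layouts and sample inputs are constructed for the example), this shows why wrapping a value in double quotes is not a substitute for escapeshellarg() when the string is handed to /bin/sh:

```php
<?php
// Added illustration, not Cacti's code. naive_escape() is a hypothetical
// hand-rolled escaper; the command lines below are assumed shapes of what
// snmp.php and rrd.php pass to the shell.

// Hypothetical hand-rolled escaper: wraps the value in double quotes and
// backslash-escapes embedded double quotes. Inside double quotes the shell
// still performs $(...), backtick and backslash processing, so command
// substitution in the value is executed.
function naive_escape(string $s): string
{
    return '"' . str_replace('"', '\\"', $s) . '"';
}

// Hardened form: escapeshellarg() single-quotes the whole value and rewrites
// each embedded single quote as '\'' so every byte reaches the program
// literally.
function safe_escape(string $s): string
{
    return escapeshellarg($s);
}

// Command lines of the shape a poller hands to the shell. The command names
// and option layout are assumptions for this example.
function build_snmpget(string $community, string $host, string $oid, callable $esc): string
{
    return 'snmpget -v 2c -c ' . $esc($community) . ' ' . $esc($host) . ' ' . $esc($oid);
}

function build_rrdtool_update(string $rrdfile, string $value, callable $esc): string
{
    return 'rrdtool update ' . $esc($rrdfile) . ' ' . $esc('N:' . $value);
}

// Regression check for an escaper: pass the escaped value through sh and
// confirm it comes back byte-for-byte unchanged. A substitution that the
// shell expanded shows up as a changed string.
function round_trips(callable $esc, string $s): bool
{
    return shell_exec('printf %s ' . $esc($s)) === $s;
}

// Constructed attacker-controlled inputs (e.g. a community string or a data
// source path saved through the web UI). The payloads are deliberately
// harmless so the round-trip check can be run as-is.
$community = 'public$(echo INJECTED)';
$rrdfile   = '/var/lib/cacti/rra/host.rrd`echo INJECTED`';

foreach (['naive_escape', 'safe_escape'] as $esc) {
    echo "--- $esc ---\n";
    echo build_snmpget($community, '192.0.2.10', '.1.3.6.1.2.1.1.1.0', $esc), "\n";
    echo build_rrdtool_update($rrdfile, '42', $esc), "\n";
    // naive_escape: false (shell expanded $(...) / backticks)
    // safe_escape:  true  (value round-trips intact)
    var_dump(round_trips($esc, $community), round_trips($esc, $rrdfile));
}
```

Two caveats a practitioner would add: escapeshellarg() is locale-dependent and drops bytes that are invalid in the current multibyte locale, so the escaped value is not always identical to the input even when it is safe; and per-argument escaping only protects the arguments, so the command name and option flags must never be built from user input. Where the PHP version allows it, passing an argv array to proc_open() avoids the shell entirely and removes the need to escape.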