Date: Tue, 5 Jan 2016 13:07:57 +0100
From: Andreas Stieger <astieger@...e.de>
To: oss-security@...ts.openwall.com
Subject: Re: Re: CVE Request: cacti: SQL injection vulnerability in graphs_new.php

Hello,

On 01/05/2016 12:12 PM, Salvatore Bonaccorso wrote:
> On Tue, Jan 05, 2016 at 10:20:23AM +0100, Andreas Stieger wrote:
>> On 01/05/2016 12:58 AM, cve-assign@...re.org wrote:
>>>> Another SQL injection vulnerability via graphs_new.php in cacti was
>>>> found, reported to the bug http://bugs.cacti.net/view.php?id=2652
>>> http://bugs.cacti.net/view.php?id=2652 is CVE-2015-8604.
>> Check against a possible duplicate assignment with CVE-2015-8377?
>>
>> http://seclists.org/fulldisclosure/2015/Dec/att-57/cacti_sqli%281%29.txt
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=1291222
>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8377
>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8377
> There are two different vulnerabilities here, see second comment in
> http://bugs.cacti.net/view.php?id=2652 which describes both, the
> CVE-2015-8377 and the new assigned one (CVE-2015-8604).

Thanks for the clarification,
Andreas

-- 
Andreas Stieger <astieger@...e.de>
Project Manager Security
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
HRB 21284 (AG Nürnberg)