Gentoo Archives: gentoo-announce

From: Sune Kloppenborg Jeppesen <jaervosz@g.o>
To: gentoo-announce@l.g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200506-20 ] Cacti: Several vulnerabilities
Date: Wed, 22 Jun 2005 15:21:43
Message-Id: 200506221651.21903.jaervosz@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 200506-20
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 http://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: High
8 Title: Cacti: Several vulnerabilities
9 Date: June 22, 2005
10 Bugs: #96243
11 ID: 200506-20
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Cacti is vulnerable to several SQL injection and file inclusion
19 vulnerabilities.
20
21 Background
22 ==========
23
24 Cacti is a complete web-based frontend to rrdtool.
25
26 Affected packages
27 =================
28
29 -------------------------------------------------------------------
30 Package / Vulnerable / Unaffected
31 -------------------------------------------------------------------
32 1 net-analyzer/cacti < 0.8.6e >= 0.8.6e
33
34 Description
35 ===========
36
37 Cacti fails to properly sanitize input which can lead to SQL injection
38 as well as PHP file inclusion.
39
40 Impact
41 ======
42
43 An attacker could potentially exploit the file inclusion to execute
44 arbitrary code with the permissions of the web server. An attacker
45 could exploit the SQL injection to gain information from the database.
46 Only systems with register_globals set to "On" are vulnerable to the
47 file inclusion bugs. Gentoo Linux ships with register_globals set to
48 "Off" by default.
49
50 Workaround
51 ==========
52
53 There is no known workaround at this time.
54
55 Resolution
56 ==========
57
58 All Cacti users should upgrade to the latest version:
59
60 # emerge --sync
61 # emerge --ask --oneshot --verbose ">=net-analyzer/cacti-0.8.6e"
62
63 Note: Users with the vhosts USE flag set should manually use
64 webapp-config to finalize the update.
65
66 References
67 ==========
68
69 [ 1 ] Cacti Release Notes
70 http://www.cacti.net/release_notes_0_8_6e.php
71 [ 2 ] iDEFENSE SQL injection advisory
72 http://www.idefense.com/application/poi/display?id=267&type=vulnerabilities&flashstatus=false
73 [ 3 ] iDEFENSE config_settings advisory
74 http://www.idefense.com/application/poi/display?id=266&type=vulnerabilities&flashstatus=false
75 [ 4 ] iDEFENSE remote file inclusion advisory
76 http://www.idefense.com/application/poi/display?id=265&type=vulnerabilities&flashstatus=false
77
78 Availability
79 ============
80
81 This GLSA and any updates to it are available for viewing at
82 the Gentoo Security Website:
83
84 http://security.gentoo.org/glsa/glsa-200506-20.xml
85
86 Concerns?
87 =========
88
89 Security is a primary focus of Gentoo Linux and ensuring the
90 confidentiality and security of our users machines is of utmost
91 importance to us. Any security concerns should be addressed to
92 security@g.o or alternatively, you may file a bug at
93 http://bugs.gentoo.org.
94
95 License
96 =======
97
98 Copyright 2005 Gentoo Foundation, Inc; referenced text
99 belongs to its owner(s).
100
101 The contents of this document are licensed under the
102 Creative Commons - Attribution / Share Alike license.
103
104 http://creativecommons.org/licenses/by-sa/2.0