From: | Thierry Carrez <koon@g.o> |
---|---|
To: | gentoo-announce@l.g.o |
Cc: | bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com |
Subject: | [gentoo-announce] UPDATE: [ GLSA 200506-20 ] Cacti: Several vulnerabilities |
Date: | Thu, 07 Jul 2005 21:17:10 |
Message-Id: | 42CD9818.3030000@gentoo.org |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [UPDATE]                GLSA 200506-20:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Cacti: Several vulnerabilities
      Date: June 22, 2005
   Updated: July 06, 2005
      Bugs: #96243, #97475
        ID: 200506-20:02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Update
======

Stefan Esser of the Hardened-PHP Project discovered that some of
the recent vulnerabilities were incorrectly fixed, as well as a new
vulnerability.

The updated sections appear below.

Synopsis
========

Cacti is vulnerable to several SQL injection, authentication bypass and
file inclusion vulnerabilities.

Background
==========

Cacti is a complete web-based frontend to rrdtool.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  net-analyzer/cacti      < 0.8.6f                        >= 0.8.6f

Description
===========

Cacti fails to properly sanitize input which can lead to SQL injection,
authentication bypass as well as PHP file inclusion.

Impact
======

An attacker could potentially exploit the file inclusion to execute
arbitrary code with the permissions of the web server. An attacker
could exploit these vulnerabilities to bypass authentication or inject
SQL queries to gain information from the database. Only systems with
register_globals set to "On" are affected by the file inclusion and
authentication bypass vulnerabilities. Gentoo Linux ships with
register_globals set to "Off" by default.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Cacti users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/cacti-0.8.6f"

Note: Users with the vhosts USE flag set should manually use
webapp-config to finalize the update.

References
==========

  [ 1 ] Cacti Release Notes - 0.8.6e
        http://www.cacti.net/release_notes_0_8_6e.php
  [ 2 ] iDEFENSE SQL injection advisory
        http://www.idefense.com/application/poi/display?id=267&type=vulnerabilities&flashstatus=false
  [ 3 ] iDEFENSE config_settings advisory
        http://www.idefense.com/application/poi/display?id=266&type=vulnerabilities&flashstatus=false
  [ 4 ] iDEFENSE remote file inclusion advisory
        http://www.idefense.com/application/poi/display?id=265&type=vulnerabilities&flashstatus=false
  [ 5 ] Cacti Release Notes - 0.8.6f
        http://www.cacti.net/release_notes_0_8_6f.php
  [ 6 ] Hardened-PHP Project Cacti Multiple SQL Injection Vulnerabilities
        http://www.hardened-php.net/advisory-032005.php
  [ 7 ] Hardened-PHP Project Cacti Remote Command Execution Vulnerability
        http://www.hardened-php.net/advisory-042005.php
  [ 8 ] Hardened-PHP Project Cacti Authentification/Addslashes Bypass
        Vulnerability
        http://www.hardened-php.net/advisory-052005.php

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200506-20.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
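
A triage sketch for the conditions stated under "Affected packages" and "Impact" above, added here as an example and not part of the GLSA: any version below 0.8.6f is exposed to the SQL injection issues, while file inclusion and authentication bypass also require register_globals to be "On". The function names, the output strings and the sample php.ini are constructed for illustration, and versions are assumed to look like N.N.N plus an optional letter.

```shell
#!/bin/sh
# Added triage sketch for GLSA 200506-20; not part of the advisory.
# Assumes Cacti versions look like N.N.N plus an optional letter (0.8.6f).
FIXED="0.8.6f"

# Drop a Gentoo -rN revision, then turn "0.8.6f" into "0.8.6.f" so the
# letter suffix becomes a fourth sort key ("0.8.6" becomes "0.8.6.").
normalize() {
    printf '%s\n' "${1%-r[0-9]*}" | sed 's/\([0-9]\)\([a-z]\{0,1\}\)$/\1.\2/'
}

# cacti_is_vulnerable VERSION: succeeds when VERSION < 0.8.6f.
cacti_is_vulnerable() {
    v=$(normalize "$1"); f=$(normalize "$FIXED")
    [ "$v" = "$f" ] && return 1
    lowest=$(printf '%s\n%s\n' "$v" "$f" |
        LC_ALL=C sort -t. -k1,1n -k2,2n -k3,3n -k4,4 | head -n1)
    [ "$lowest" = "$v" ]
}

# register_globals_state FILE: prints On or Off. The last uncommented
# directive wins; an absent directive counts as Off (PHP default since 4.2.0).
register_globals_state() {
    val=$(sed -n 's/^[[:space:]]*register_globals[[:space:]]*=[[:space:]]*\([^;[:space:]]*\).*/\1/p' "$1" | tail -n1)
    case $(printf '%s' "$val" | tr 'A-Z' 'a-z' | tr -d '"') in
        on|1|true|yes) echo On ;;
        *) echo Off ;;
    esac
}

# triage VERSION PHP_INI: prints which issue classes from the advisory apply.
triage() {
    if ! cacti_is_vulnerable "$1"; then
        echo "not-affected"
    elif [ "$(register_globals_state "$2")" = On ]; then
        echo "sqli+auth-bypass+file-inclusion"
    else
        echo "sqli"
    fi
}

# Constructed sample input (not from a real host): the commented-out "On"
# line must be ignored, so only the SQL injection issues apply.
sample_ini=$(mktemp)
printf '%s\n' '; register_globals = On' 'register_globals = Off' > "$sample_ini"
triage 0.8.6e "$sample_ini"
rm -f "$sample_ini"
```

register_globals can also be switched on per directory in the web server configuration (for example with `php_flag` under mod_php), so review those files as well as php.ini.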