Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20130807160642.GR19155@redhat.com>
Date: Wed, 7 Aug 2013 10:06:42 -0600
From: Vincent Danen <vdanen@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE request: SQL injection and shell escaping issues in Cacti <
 0.8.8b

Cacti 0.8.8b was released today [1] with a changelog that notes:

Cacti 0.8.8b Change Log
[...]
   * security: SQL injection and shell escaping issues

It looks like the SQL injection issue is in api_poller.php and
utility.php [2]

I think there are two shell escaping issue:

1) snmp.php: Use escapeshellarg() instead of custom escape function for snmp library [3]
2) rrd.php: Properly escape all user input for consumption by rrdtool [4]


[1] http://sourceforge.net/mailarchive/message.php?msg_id=31258868
[2] http://svn.cacti.net/viewvc?view=rev&revision=7394
[3] http://svn.cacti.net/viewvc?view=rev&revision=7392
[4] http://svn.cacti.net/viewvc?view=rev&revision=7393


Looks like 3 CVEs are needed.

-- 
Vincent Danen / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.