sean finney wrote:
> hi,
>
> i've prepared a new version which addresses both the previous issues
> addressed in sarge0 and the new hardened-php reported issues:
>
> deb http://people.debian.org/~seanius/cacti/sarge ./
> deb-src http://people.debian.org/~seanius/cacti/sarge ./
>
> version: 0.8.6c-7sarge2
>
> note the sources have changed from the previous location.
I have modified the version to reflect the needs for security a bit. Two more CVE ids have been assigned:

======================================================
Candidate: CAN-2005-2148
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2148
Reference: MISC:http://www.hardened-php.net/advisory-032005.php
Reference: MISC:http://www.hardened-php.net/advisory-042005.php
Reference: MLIST:[cacti-announce] 20050701 Cacti 0.8.6f Released
Reference: URL:http://sourceforge.net/mailarchive/forum.php?forum_id=10360&max_rows=25&style=flat&viewmonth=200507&viewday=1
Reference: CONFIRM:http://www.cacti.net/downloads/patches/0.8.6e/cacti-0.8.6f_security.patch

Cacti 0.8.6e and earlier does not perform proper input validation to protect against common attacks, which allows remote attackers to execute arbitrary commands or SQL by sending a legitimate value in a POST request or cookie, then specifying the attack string in the URL, which causes the get_request_var function to return the wrong value in the $_REQUEST variable, which is cleansed while the original malicious $_GET value remains unmodified, as demonstrated in (1) graph_image.php and (2) graph.php.

======================================================
Candidate: CAN-2005-2149
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2149
Reference: MISC:http://www.hardened-php.net/advisory-052005.php
Reference: MLIST:[cacti-announce] 20050701 Cacti 0.8.6f Released
Reference: URL:http://sourceforge.net/mailarchive/forum.php?forum_id=10360&max_rows=25&style=flat&viewmonth=200507&viewday=1
Reference: CONFIRM:http://www.cacti.net/downloads/patches/0.8.6e/cacti-0.8.6f_security.patch

config.php in Cacti 0.8.6e and earlier allows remote attackers to set to modify session information to gain privileges and disable the use of addslashes to protect against SQL injection by setting the no_http_headers switch.
======================================================

Please mention them in the sid package as well when you're doing the next upload.
Regards,

Joey

-- 
Given enough thrust pigs will fly, but it's not necessarily a good idea.
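The CAN-2005-2148 entry above describes a mismatch between the copy of a parameter that gets validated ($_REQUEST) and the copy that is actually used ($_GET). The following PHP is an added illustration written for this thread, not code from Cacti or from either poster; the function names, the graph_id parameter and the request values are constructed assumptions. It shows why validating $_REQUEST does not protect a handler that reads $_GET, and a hardened pattern in which the caller names a single source and only the validated return value reaches the query.

```php
<?php
// Added illustration (hypothetical names): validating $_REQUEST while the
// handler reads $_GET leaves the URL value unchecked.

// Constructed request: a well-formed value arrives via POST (a cookie would
// behave the same) and a different value arrives in the URL. With PHP's
// default variables_order ("EGPCS"), $_REQUEST keeps the POST value over the
// GET one, so the validator never sees what the handler will use.
$_GET     = ['graph_id' => 'not-a-number'];
$_POST    = ['graph_id' => '42'];
$_REQUEST = array_merge($_GET, $_POST); // POST wins, as under the default order

// Vulnerable pattern: the check runs against whatever $_REQUEST holds...
function get_request_var_vulnerable(string $name): ?string
{
    if (!isset($_REQUEST[$name])) {
        return null;
    }
    $value = $_REQUEST[$name];
    if (!preg_match('/^[0-9]+$/', $value)) {
        die("invalid value for $name");
    }
    return $value;
}

// ...while the code path that builds the query reads $_GET directly, which
// the check above never touched.
function build_query_vulnerable(): string
{
    get_request_var_vulnerable('graph_id');                       // passes: sees "42"
    return "SELECT * FROM graph WHERE id=" . $_GET['graph_id'];   // uses "not-a-number"
}

// Hardened pattern: the caller names the one source it intends to read, the
// function returns a typed, validated value, and only that return value is
// used, as a bound parameter rather than by string concatenation. The check
// does not depend on any switch the client can set (compare CAN-2005-2149).
function get_validated_int(array $source, string $name, int $min = 1): ?int
{
    if (!isset($source[$name]) || !preg_match('/^[0-9]+$/', $source[$name])) {
        return null;
    }
    $value = (int) $source[$name];
    return $value >= $min ? $value : null;
}

function build_query_hardened(): array
{
    $id = get_validated_int($_GET, 'graph_id');
    if ($id === null) {
        return ['sql' => null, 'params' => [], 'error' => 'graph_id must be a positive integer'];
    }
    return ['sql' => 'SELECT * FROM graph WHERE id = ?', 'params' => [$id], 'error' => null];
}

echo build_query_vulnerable(), "\n";   // the unvalidated URL value ends up in the SQL text
print_r(build_query_hardened());       // the URL value is rejected before any SQL is built
```

Run with the php CLI; the constructed superglobal assignments at the top stand in for a real request. The hardened helper returns an int or null, so a caller cannot accidentally pass a raw string through, and the explicit $source argument removes the $_REQUEST merge order from the trust decision entirely.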