Package: cacti
Version: 0.8.6d-1
Severity: critical
Tags: sarge
Justification: root security hole

Multiple Vendor Cacti Remote File Inclusion Vulnerability:
http://www.idefense.com/application/poi/display?id=265&type=vulnerabilities

Multiple Vendor Cacti config_settings.php Remote Code Execution Vulnerability:
http://www.idefense.com/application/poi/display?id=266&type=vulnerabilities

Multiple Vendor Cacti Multiple SQL Injection Vulnerabilities:
http://www.idefense.com/application/poi/display?id=267&type=vulnerabilities

note that these can not by themselves gain root access on a system,
though they have been reported to be used to leverage root on sarge
systems.

an update has been sitting on my p.d.o site since last friday, but
there has not yet been a security upload. i'll send the latest i
mailed to folks as an update to this bug.

	sean

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.10-9-amd64-k8
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages cacti depends on:
ii  apache                       1.3.33-6     versatile, high-performance HTTP s
ii  apache-ssl                   1.3.33-6     versatile, high-performance HTTP s
ii  debconf                      1.4.50       Debian configuration management sy
ii  libphp-adodb                 4.52-1       The 'adodb' database abstraction l
ii  logrotate                    3.7-5        Log rotation utility
ii  mysql-client-4.1 [mysql-clie 4.1.11a-4    mysql database client binaries
ii  php4                         4:4.3.10-15  server-side, HTML-embedded scripti
ii  php4-cli                     4:4.3.10-15  command-line interpreter for the p
ii  php4-mysql                   4:4.3.10-15  MySQL module for php4
ii  php4-snmp                    4:4.3.10-15  SNMP module for php4
ii  rrdtool                      1.0.49-1     Time-series data storage and displ
ii  snmp                         5.1.2-6.1    NET SNMP (Simple Network Managemen
ii  ucf                          1.18         Update Configuration File: preserv

-- debconf information excluded