another update: i've tested the patch provided by upstream, and after grabbing an additional patch from svn to fix a regression in this patch, things seem to be good, so i've uploaded it to unstable. thus a fix should be in cacti version 0.8.6i-3.

as for stable, i've backported the patch and done some testing, and i believe everything should be good in version 0.8.6c-7sarge4, available at:

http://people.debian.org/~seanius/cacti/sarge/cacti_0.8.6c-7sarge4_all.deb
http://people.debian.org/~seanius/cacti/sarge/cacti_0.8.6c-7sarge4.diff.gz
http://people.debian.org/~seanius/cacti/sarge/cacti_0.8.6c-7sarge4.dsc
http://people.debian.org/~seanius/cacti/sarge/cacti_0.8.6c-7sarge4_i386.changes

and for some text in the DSA, here's the text from mitre.org (with a slight grammatical fix from yours truly):

---
A SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function.
---

security peeps: let me know if you need anything else from me.

sean
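The advisory text above describes a two-stage problem: command-line style arguments (which register_argc_argv also populates from the query string on a web request) flow unvalidated into SQL, and the rows that query returns are later handed to popen(). The following is an added illustration of the defensive pattern for a poller script of that shape; it is not Cacti's code or the Debian patch, and the table name poller_item, the column names local_data_id and arg1, the script path and the database credentials are all assumed placeholders.

```php
<?php
// Added example (not Cacti's code): validate poller arguments before they
// reach SQL, bind them as parameters, and pass query results to popen()
// only as individually escaped arguments. Table and column names are
// hypothetical; credentials are placeholders.

function parse_poller_args(array $argv): array {
    // With register_argc_argv enabled, $argv is populated from the query
    // string on web requests as well as from the CLI, so these values
    // must be treated as untrusted regardless of how the script was invoked.
    if (count($argv) < 3) {
        fwrite(STDERR, "usage: cmd.php <first_id> <last_id>\n");
        exit(1);
    }
    $opts  = ['options' => ['min_range' => 0]];
    $first = filter_var($argv[1], FILTER_VALIDATE_INT, $opts);
    $last  = filter_var($argv[2], FILTER_VALIDATE_INT, $opts);
    if ($first === false || $last === false || $first > $last) {
        fwrite(STDERR, "arguments must be non-negative integers with first <= last\n");
        exit(1);
    }
    return [$first, $last];
}

// The pattern this class of bug comes from is string interpolation, e.g.
//   "... WHERE local_data_id >= " . $argv[1] . " AND local_data_id <= " . $argv[2]
// The bound-parameter form below carries only the validated integers.
function load_poller_items(PDO $db, int $first, int $last): array {
    $stmt = $db->prepare(
        'SELECT local_data_id, arg1 FROM poller_item'
        . ' WHERE local_data_id BETWEEN :first AND :last'
    );
    $stmt->bindValue(':first', $first, PDO::PARAM_INT);
    $stmt->bindValue(':last',  $last,  PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Query results later reach popen(). Even when the query itself is safe,
// each field is data: escape it as a single argument rather than splicing
// it into a shell string.
function run_script_item(array $item): string {
    $cmd = '/usr/bin/php '
         . escapeshellarg('/usr/share/cacti/scripts/example.php')   // hypothetical script path
         . ' ' . escapeshellarg((string) $item['arg1']);
    $proc = popen($cmd, 'r');
    if ($proc === false) {
        return '';
    }
    $out = stream_get_contents($proc);
    pclose($proc);
    return $out === false ? '' : trim($out);
}

[$first, $last] = parse_poller_args($_SERVER['argv']);
$db = new PDO('mysql:host=localhost;dbname=cacti', 'cacti', 'PLACEHOLDER_PASSWORD');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);   // real server-side prepares
foreach (load_poller_items($db, $first, $last) as $item) {
    echo run_script_item($item), "\n";
}
```

The integer check happens before the database is touched, so a non-numeric second or third argument is rejected at the entry point; binding with PDO::PARAM_INT and disabling emulated prepares keeps the query parameterized on the server side, and escapeshellarg() closes the second stage where a poisoned row would otherwise be interpreted by the shell.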