Your message dated Wed, 17 Jan 2007 06:47:02 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#404818: fixed in cacti 0.8.6i-3
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: cacti
Version: 0.8.6i-2
Severity: important
Tags: security
rgod has discovered three vulnerabilities in Cacti, which can be exploited by
malicious people to bypass certain security restrictions, manipulate data and
compromise vulnerable systems.
1) The cmd.php script does not properly restrict access to command line usage
and is installed in a web-accessible location.
Successful exploitation requires that "register_argc_argv" is enabled.
2) Input passed in the URL to cmd.php is not properly sanitised before being
used in SQL queries. This can be exploited to manipulate SQL queries by
injecting
arbitrary SQL code.
Successful exploitation requires that "register_argc_argv" is enabled.
3) The results from the SQL queries in 2) in cmd.php are not properly sanitised
before being used as shell commands. This can be exploited to inject arbitrary
shell commands.
The vulnerabilities are confirmed in version 0.8.6i. Other versions may also be
affected.
Solution:
Move the "cmd.php" script to a not web-accessible path, and update other
scripts accordingly.
Edit the source code to ensure that input is properly sanitised.
http://secunia.com/advisories/23528/
Regards,
--
.''`.
: :' : Alex de Oliveira Silva | enerv
`. `' www.enerv.net
`-
-- System Information:
Debian Release: 4.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)
--- End Message ---
--- Begin Message ---
Source: cacti
Source-Version: 0.8.6i-3
We believe that the bug you reported is fixed in the latest version of
cacti, which is due to be installed in the Debian FTP archive:
cacti_0.8.6i-3.diff.gz
to pool/main/c/cacti/cacti_0.8.6i-3.diff.gz
cacti_0.8.6i-3.dsc
to pool/main/c/cacti/cacti_0.8.6i-3.dsc
cacti_0.8.6i-3_all.deb
to pool/main/c/cacti/cacti_0.8.6i-3_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
sean finney <[EMAIL PROTECTED]> (supplier of updated cacti package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 15 Jan 2007 15:36:25 +0100
Source: cacti
Binary: cacti
Architecture: source all
Version: 0.8.6i-3
Distribution: unstable
Urgency: high
Maintainer: sean finney <[EMAIL PROTECTED]>
Changed-By: sean finney <[EMAIL PROTECTED]>
Description:
cacti - Frontend to rrdtool for monitoring systems and services
Closes: 404818
Changes:
cacti (0.8.6i-3) unstable; urgency=high
.
* include the list of official patches from upstream which (among other
things) resolves multiple vulnerabilities in the poller and default
scripts (Closes: 404818). thanks to Alex de Oliveira Silva for reporting
this, and Neil McGovern for a bit of consultation.
* security references:
- SA23528, CVE-2006-6799
* also include one extra changeset from svn which fixes a regression
introduced in the security patch.
* new patches:
- 07_official_dec06-vulnerability-scripts-0.8.6i.dpatch
- 07_official_dec06-vulnerability-poller-0.8.6i.dpatch
- 07_official_poller_output_remainder.dpatch
- 07_official_import_template_argument_space_removal.dpatch
- 08_svn_timespan_breakage_fix.dpatch
Files:
efcbbb60277d99797ab2beb5853c7dc8 579 web extra cacti_0.8.6i-3.dsc
abfedc1ef4ef2ad479793a8a5dd6dcc9 33946 web extra cacti_0.8.6i-3.diff.gz
46548b2cc9db6396ebe98cdca8146343 959172 web extra cacti_0.8.6i-3_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFFrcPcynjLPm522B0RAncbAJ9c5OHyZ52L3SKmieujmAIfAmwV7wCfRFp0
/5OMsRNDol4oTUNUUDYXCD0=
=Eibf
-----END PGP SIGNATURE-----
--- End Message ---
