ports/146021: [security] cacti sql injection & command execution
niels
niels at FreeBSD.org
Sat Apr 24 20:40:02 UTC 2010
>Number: 146021
>Category: ports
>Synopsis: [security] cacti sql injection & command execution
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Apr 24 20:40:01 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: niels
>Release: 8.0-STABLE
>Organization:
>Environment:
>Description:
Two vulnerabilities found in Cacti affect our port. One of them has been patched by the developers. Please refer to the links below for more info:
http://www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_export.patch
http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-os-command-injection-0105.php
http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-sql-injection-0104.php
This PR is a reminder to update the port. A VuXML entry will be commited to mark the current version of the port vulnerable.
>How-To-Repeat:
N/A
>Fix:
Please update the port using the upstream security patch
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list