Bug 95513 (CVE-2005-2149)

Summary: VUL-0: CVE-2005-2149: cacti 0.8.6f released
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Matthias Eckermann <mge>
Status: RESOLVED DUPLICATE QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P5 - None CC: aj, security-team
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: All   
Whiteboard: CVE-2005-2149: CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Marcus Meissner 2005-07-07 11:41:07 UTC 
Cacti version 0.8.6f has been released to address three security 
 vulnerabilities that have been disclosed by the PHP-Hardened Project. 
  
 It is recommended that all users upgrade immediately. A patch containing 
 only the security fixes has been provided for both Cacti versions 0.8.6d 
 and 0.8.6e. Please see the official patches page for application 
 instructions and further information. 
  
 http://www.cacti.net/download_patches.php 
  
 See the release notes for additional information about this release. 
  
 http://www.cacti.net/release_notes_0_8_6f.php 
  
 All files related to this release can be found under the downloads 
 section on the Cacti website. 
  
 http://www.cacti.net/download_cacti.php 
  
 Ian
Comment 1 Marcus Meissner 2005-07-07 11:41:23 UTC 
Here are two more ids for the problems in cacti, in particular what 
Stefan Esser discovered. 
 
Regards, 
 
        Joey 
 
====================================================== 
Candidate: CAN-2005-2148 
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2148 
Final-Decision:  
Interim-Decision:  
Modified:  
Proposed:  
Assigned: 20050706 
Category: SF 
Reference: MISC:http://www.hardened-php.net/advisory-032005.php 
Reference: MISC:http://www.hardened-php.net/advisory-042005.php 
Reference: MLIST:[cacti-announce] 20050701 Cacti 0.8.6f Released 
Reference: 
URL:http://sourceforge.net/mailarchive/forum.php?forum_id=10360&max_rows=25&style=flat&viewmonth=200507&viewday=1 
Reference: 
CONFIRM:http://www.cacti.net/downloads/patches/0.8.6e/cacti-0.8.6f_security.patch 
 
Cacti 0.8.6e and earlier does not perform proper input validation to 
protect against common attacks, which allows remote attackers to 
execute arbitrary commands or SQL by sending a legitimate value in a 
POST request or cookie, then specifying the attack string in the URL, 
which causes the get_request_var function to return the wrong value in 
the $_REQUEST variable, which is cleansed while the original malicious 
$_GET value remains unmodified, as demonstrated in (1) graph_image.php 
and (2) graph.php. 
 
 
 
====================================================== 
Candidate: CAN-2005-2149 
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2149 
Final-Decision:  
Interim-Decision:  
Modified:  
Proposed:  
Assigned: 20050706 
Category: SF 
Reference: MISC:http://www.hardened-php.net/advisory-052005.php 
Reference: MLIST:[cacti-announce] 20050701 Cacti 0.8.6f Released 
Reference: 
URL:http://sourceforge.net/mailarchive/forum.php?forum_id=10360&max_rows=25&style=flat&viewmonth=200507&viewday=1 
Reference: 
CONFIRM:http://www.cacti.net/downloads/patches/0.8.6e/cacti-0.8.6f_security.patch 
 
config.php in Cacti 0.8.6e and earlier allows remote attackers to set 
to modify session information to gain privileges and disable the use 
of addslashes to protect against SQL injection by setting the 
no_http_headers switch.
Comment 2 Marcus Meissner 2005-07-07 11:43:00 UTC 
actually a dup. sorry  

*** This bug has been marked as a duplicate of 91166 ***
Comment 3 Thomas Biege 2009-10-13 21:31:16 UTC 
CVE-2005-2149: CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)