10951 – cacti: SQL injection and shell escaping issues

Bug 10951 - cacti: SQL injection and shell escaping issues

Summary: cacti: SQL injection and shell escaping issues

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	i586 Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Mageia Bug Squad
QA Contact:	Sec team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2013-08-07 12:29 CEST by Oden Eriksson
Modified:	2013-08-07 12:44 CEST (History)
CC List:	1 user (show)

See Also:
Source RPM:	cacti
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Oden Eriksson 2013-08-07 12:29:18 CEST

http://www.cacti.net/changelog.php

0.8.8b
 
bug: Fixed issue with custom data source information being lost when saved from edit
bug: Repopulate the poller cache on new installations
bug: Fix issue with poller not escaping the script query path correctly
bug: Allow snmpv3 priv proto none
bug: Fix issue where host activate may flush the entire poller item cache
security: SQL injection and shell escaping issues 








Reproducible: 

Steps to Reproduce:

Comment 1 Oden Eriksson 2013-08-07 12:31:31 CEST

0.8.8b was just submitted to cauldron.

Comment 2 David Walser 2013-08-07 12:42:47 CEST

Please correct me if I'm wrong, but don't we only have cacti in Cauldron?

Status: NEW => RESOLVED
CC: (none) => luigiwalser
Version: 2 => Cauldron
Resolution: (none) => FIXED

Comment 3 Oden Eriksson 2013-08-07 12:44:17 CEST

Yep.

Note You need to log in before you can comment on or make changes to this bug.