Oval Definition: oval:org.mitre.oval:def:13352
Revision Date: 2014-06-23
Version: 20
Title: DSA-2060-1 cacti -- insufficient input sanitisation
Description: Stefan Esser discovered that cacti, a front-end to rrdtool for monitoring systems and services, does not properly validate input passed to the rra_id parameter of the graph.php script. The script checks the rra_id value taken from $_REQUEST but uses the $_GET value in a database query. Because $_REQUEST is assembled from $_GET, $_POST and $_COOKIE, with later sources overwriting earlier ones under PHP's default ordering, an unauthenticated attacker can pass the check with a valid numeric rra_id in $_POST or $_COOKIE while the $_GET value that actually reaches the query carries an SQL injection payload. For the stable distribution, this problem has been fixed in version 0.8.7b-2.1+lenny3. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 0.8.7e-4. We recommend that you upgrade your cacti packages.
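The source mismatch described above, reduced to a runnable sketch. This is an added example, not Cacti's code and not taken from the advisory: the table name, the helper names and the request values are constructed for illustration, and PHP's $_REQUEST merge (request_order, falling back to variables_order) is modelled in a small function so the script runs from the CLI without a web server.

```php
<?php
// Added example for the CVE-2010-2092 pattern; not Cacti's own code.
// Hypothetical: table name "rra", helper names, and the request values.

declare(strict_types=1);

// PHP fills $_REQUEST by merging the superglobals named in request_order
// (or variables_order when request_order is empty), with later sources
// overwriting earlier ones. Modelled here so the script runs from the CLI.
function build_request(array $get, array $post, array $cookie, string $order = 'GPC'): array
{
    $sources = ['G' => $get, 'P' => $post, 'C' => $cookie];
    $request = [];
    foreach (str_split($order) as $source) {
        if (isset($sources[$source])) {
            $request = array_merge($request, $sources[$source]);
        }
    }
    return $request;
}

// A numeric-only check of the kind the advisory says was applied to $_REQUEST.
function is_valid_id($value): bool
{
    return is_string($value) && preg_match('/^[0-9]+$/', $value) === 1;
}

// Vulnerable shape: the check reads one source, the query reads another.
function vulnerable_query(array $get, array $request): string
{
    if (!is_valid_id($request['rra_id'] ?? null)) {
        throw new InvalidArgumentException('rra_id must be numeric');
    }
    return 'SELECT * FROM rra WHERE id = ' . $get['rra_id'];
}

// Hardened shape: validate exactly the value the query will use, and cast
// it so nothing but an integer can reach the SQL text.
function fixed_query(array $get): string
{
    if (!is_valid_id($get['rra_id'] ?? null)) {
        throw new InvalidArgumentException('rra_id must be numeric');
    }
    return 'SELECT * FROM rra WHERE id = ' . (int) $get['rra_id'];
}

// Constructed request following the advisory's scenario: a valid rra_id in
// the POST body, an injection payload in the query string.
$get     = ['rra_id' => '1 OR 1=1'];
$post    = ['rra_id' => '1'];
$cookie  = [];
$request = build_request($get, $post, $cookie);

// The POST value wins in $_REQUEST, so the numeric check is satisfied while
// the query is built from the unchecked $_GET payload.
echo "\$_REQUEST['rra_id'] = {$request['rra_id']}\n";
echo 'vulnerable: ', vulnerable_query($get, $request), "\n";

// Checking the same source the query uses rejects the payload.
try {
    echo 'fixed: ', fixed_query($get), "\n";
} catch (InvalidArgumentException $e) {
    echo 'fixed: rejected (', $e->getMessage(), ")\n";
}
```

Run it with `php` on the command line. When auditing PHP code for this class of bug, look for any place where a value is validated from one superglobal ($_REQUEST, $_POST) and consumed from another ($_GET, or vice versa); in production code the query should also use bound parameters rather than string concatenation, which the integer cast above only approximates for this one parameter.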
Family: unix
Class: patch
Status: ACCEPTED
Reference(s): CVE-2010-2092, DSA-2060-1
Platform(s): Debian GNU/Linux 5.0
Product(s): cacti
Definition Synopsis
  • Debian GNU/Linux 5.0 is installed
  • AND Installed architecture is all
  • AND cacti DPKG is earlier than 0.8.7b-2.1+lenny3