Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2007:015 (cacti)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.57796

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2007:015 (cacti)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to cacti
announced via advisory MDKSA-2007:015.

SQL injection vulnerability in Cacti 0.8.6i and earlier, when
register_argc_argv is enabled, allows remote attackers to execute
arbitrary SQL commands via the (1) second or (2) third arguments to
cmd.php. NOTE: this issue can be leveraged to execute arbitrary
commands since the SQL query results are later used in the
polling_items array and popen function.

Updated packages are patched to address this issue.

Affected: Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2007:015

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-6799
BugTraq ID: 21799
http://www.securityfocus.com/bid/21799
Bugtraq: 20070118 Re: FW: [cacti-announce] Cacti 0.8.6j Released (Google Search)
http://www.securityfocus.com/archive/1/457290/100/0/threaded
Debian Security Information: DSA-1250 (Google Search)
http://www.debian.org/security/2007/dsa-1250
https://www.exploit-db.com/exploits/3029
http://security.gentoo.org/glsa/glsa-200701-23.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:015
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.001.html
http://securitytracker.com/id?1017451
http://secunia.com/advisories/23528
http://secunia.com/advisories/23665
http://secunia.com/advisories/23917
http://secunia.com/advisories/23941
SuSE Security Announcement: SUSE-SA:2007:007 (Google Search)
http://www.novell.com/linux/security/advisories/2007_07_cacti.html
http://www.vupen.com/english/advisories/2006/5193
XForce ISS Database: cacti-cmd-sql-injection(31177)
https://exchange.xforce.ibmcloud.com/vulnerabilities/31177

Copyright Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.57796
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2007:015 (cacti)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to cacti announced via advisory MDKSA-2007:015. SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function. Updated packages are patched to address this issue. Affected: Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2007:015 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-6799 BugTraq ID: 21799 http://www.securityfocus.com/bid/21799 Bugtraq: 20070118 Re: FW: [cacti-announce] Cacti 0.8.6j Released (Google Search) http://www.securityfocus.com/archive/1/457290/100/0/threaded Debian Security Information: DSA-1250 (Google Search) http://www.debian.org/security/2007/dsa-1250 https://www.exploit-db.com/exploits/3029 http://security.gentoo.org/glsa/glsa-200701-23.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:015 http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.001.html http://securitytracker.com/id?1017451 http://secunia.com/advisories/23528 http://secunia.com/advisories/23665 http://secunia.com/advisories/23917 http://secunia.com/advisories/23941 SuSE Security Announcement: SUSE-SA:2007:007 (Google Search) http://www.novell.com/linux/security/advisories/2007_07_cacti.html http://www.vupen.com/english/advisories/2006/5193 XForce ISS Database: cacti-cmd-sql-injection(31177) https://exchange.xforce.ibmcloud.com/vulnerabilities/31177
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com