Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2010:092 (cacti)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.67372

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2010:092 (cacti)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to cacti
announced via advisory MDVSA-2010:092.

A vulnerability has been found and corrected in cacti:

SQL injection vulnerability in templates_export.php in Cacti 0.8.7e
and earlier allows remote attackers to execute arbitrary SQL commands
via the export_item_id parameter (CVE-2010-1431).

Additionally cacti has been upgraded to 0.8.7e for Corporate Server 4.

The updated packages have been patched to correct this issue.

Affected: Corporate 4.0, Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:092

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-1431
20100421 Bonsai Information Security - SQL Injection in Cacti <= 0.8.7e
http://seclists.org/fulldisclosure/2010/Apr/272
39568
http://secunia.com/advisories/39568
39572
http://secunia.com/advisories/39572
39653
http://www.securityfocus.com/bid/39653
41041
http://secunia.com/advisories/41041
ADV-2010-0986
http://www.vupen.com/english/advisories/2010/0986
ADV-2010-1107
http://www.vupen.com/english/advisories/2010/1107
ADV-2010-2132
http://www.vupen.com/english/advisories/2010/2132
DSA-2039
http://www.debian.org/security/2010/dsa-2039
MDVSA-2010:092
http://www.mandriva.com/security/advisories?name=MDVSA-2010:092
RHSA-2010:0635
https://rhn.redhat.com/errata/RHSA-2010-0635.html
SUSE-SR:2010:011
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578909
http://www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_export.patch
http://www.exploit-db.com/sploits/Bonsai-SQL_Injection_in_Cacti.pdf

Copyright Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.67372
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2010:092 (cacti)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to cacti announced via advisory MDVSA-2010:092. A vulnerability has been found and corrected in cacti: SQL injection vulnerability in templates_export.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the export_item_id parameter (CVE-2010-1431). Additionally cacti has been upgraded to 0.8.7e for Corporate Server 4. The updated packages have been patched to correct this issue. Affected: Corporate 4.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:092 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1431 20100421 Bonsai Information Security - SQL Injection in Cacti <= 0.8.7e http://seclists.org/fulldisclosure/2010/Apr/272 39568 http://secunia.com/advisories/39568 39572 http://secunia.com/advisories/39572 39653 http://www.securityfocus.com/bid/39653 41041 http://secunia.com/advisories/41041 ADV-2010-0986 http://www.vupen.com/english/advisories/2010/0986 ADV-2010-1107 http://www.vupen.com/english/advisories/2010/1107 ADV-2010-2132 http://www.vupen.com/english/advisories/2010/2132 DSA-2039 http://www.debian.org/security/2010/dsa-2039 MDVSA-2010:092 http://www.mandriva.com/security/advisories?name=MDVSA-2010:092 RHSA-2010:0635 https://rhn.redhat.com/errata/RHSA-2010-0635.html SUSE-SR:2010:011 http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578909 http://www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_export.patch http://www.exploit-db.com/sploits/Bonsai-SQL_Injection_in_Cacti.pdf
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com