Test ID: | 1.3.6.1.4.1.25623.1.0.55070 |
Category: | Conectiva Local Security Checks |
Title: | Conectiva Security Advisory CLSA-2005:978 (cacti) |
Summary: | NOSUMMARY |
Description: |

The remote host is missing updates announced in advisory CLSA-2005:978.

1. CVE-2005-1524: Cacti contains an input validation error in the top_graph_header.php script that allows an attacker to include arbitrary PHP code from remote sites. This in effect allows arbitrary code execution with the privileges of the web server.

2. CVE-2005-1525: Cacti contains an input validation error in the config_settings.php script which allows an attacker to execute arbitrary SQL queries. This in effect allows an attacker to recover the administrative password for the Cacti installation. Various scripts are vulnerable to SQL injection using the 'id' variable.

3. CVE-2005-1526: Cacti contains an input validation error in the config_settings.php script which allows an attacker to include arbitrary PHP code from remote sites. This in effect allows arbitrary code execution with the privileges of the web server.

IMPORTANT

For Conectiva Linux 10: The cacti cron command must be changed from '/srv/www/default/html/cacti/cmd.php' to '/srv/www/default/html/cacti/poller.php' in order to get the new cacti working properly.

For Conectiva Linux 9: The database must be converted in order to make cacti work again, and the above cron change must also be applied.

For additional information on upgrading cacti, please refer to the file /srv/www/default/html/cacti/docs/INSTALL included in the package.

Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade'.

http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000978
http://www.cacti.net
http://www.idefense.com/application/poi/display?id=265&type=vulnerabilities&flashstatus=true
http://www.idefense.com/application/poi/display?id=267&type=vulnerabilities&flashstatus=true
http://www.idefense.com/application/poi/display?id=266&type=vulnerabilities&flashstatus=true

Risk factor: High

CVSS Score: 7.5
Cross-reference: |

Common Vulnerability Exposure (CVE) ID: CVE-2005-1524
Conectiva Linux advisory: CLSA-2005:978
http://distro.conectiva.com/atualizacoes/index.php?id=a&anuncio=000978
Debian Security Information: DSA-764
http://www.debian.org/security/2005/dsa-764
http://www.gentoo.org/security/en/glsa/glsa-200506-20.xml
http://www.idefense.com/application/poi/display?id=265&type=vulnerabilities&flashstatus=true
http://www.osvdb.org/17426
http://securitytracker.com/id?1014252
http://secunia.com/advisories/15490
http://secunia.com/advisories/15931
http://secunia.com/advisories/16136
XForce ISS Database: cacti-topgraphheader-file-include(21118)
https://exchange.xforce.ibmcloud.com/vulnerabilities/21118

Common Vulnerability Exposure (CVE) ID: CVE-2005-1525
BugTraq ID: 14027
http://www.securityfocus.com/bid/14027
http://www.idefense.com/application/poi/display?id=267&type=vulnerabilities&flashstatus=true
http://www.osvdb.org/17424
XForce ISS Database: cacti-configsettings-sql-injection(21120)
https://exchange.xforce.ibmcloud.com/vulnerabilities/21120

Common Vulnerability Exposure (CVE) ID: CVE-2005-1526
BugTraq ID: 14028
http://www.securityfocus.com/bid/14028
http://www.idefense.com/application/poi/display?id=266&type=vulnerabilities
http://www.osvdb.org/17425
XForce ISS Database: cacti-configsettings-file-include(21119)
https://exchange.xforce.ibmcloud.com/vulnerabilities/21119
Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |