ID de Prueba:	1.3.6.1.4.1.25623.1.0.55070
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLSA-2005:978 (cacti)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLSA-2005:978. 1.CVE-2005-1524 Cacti contains an input validation error in the top_graph_header.php script that allows an attacker to include arbitrary PHP code from remote sites. This in effect allows arbitrary code execution with the privileges of the web server. 2.CVE-2005-1525 Cacti contains an input validation error in the config_settings.php script which allows an attacker to execute arbitrary SQL queries. This in effect allows an attacker to recover the administrative password for the Cacti installation. Various scripts are vulnerable to SQL injection using the 'id' variable. 3.CVE-2005-1526 Cacti contains an input validation error in the config_settings.php script which allows an attacker to include arbitrary PHP code from remote sites. This in effect allows arbitrary code execution with the privileges of the web server. IMPORTANT For Conectiva Linux 10: The cacti cron command must be changed from '/srv/www/default/html/cacti/cmd.php' to '/srv/www/default/html/cacti/poller.php' in order to get the new cacti properly working. For Conectiva Linux 9: The database must be converted in order to make cacti work again and also apply the above cron change. For aditional information on upgrading cacti please, refer to the file /srv/www/default/html/cacti/docs/INSTALL included in the package. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000978 http://www.cacti.net http://www.idefense.com/application/poi/display?id=265&type=vulnerabilities&flashstatus=true http://www.idefense.com/application/poi/display?id=267&type=vulnerabilities&flashstatus=true http://www.idefense.com/application/poi/display?id=266&type=vulnerabilities&flashstatus=true Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-1524 Conectiva Linux advisory: CLSA-2005:978 http://distro.conectiva.com/atualizacoes/index.php?id=a&anuncio=000978 Debian Security Information: DSA-764 (Google Search) http://www.debian.org/security/2005/dsa-764 http://www.gentoo.org/security/en/glsa/glsa-200506-20.xml http://www.idefense.com/application/poi/display?id=265&type=vulnerabilities&flashstatus=true http://www.osvdb.org/17426 http://securitytracker.com/id?1014252 http://secunia.com/advisories/15490 http://secunia.com/advisories/15931 http://secunia.com/advisories/16136 XForce ISS Database: cacti-topgraphheader-file-include(21118) https://exchange.xforce.ibmcloud.com/vulnerabilities/21118 Common Vulnerability Exposure (CVE) ID: CVE-2005-1525 BugTraq ID: 14027 http://www.securityfocus.com/bid/14027 http://www.idefense.com/application/poi/display?id=267&type=vulnerabilities&flashstatus=true http://www.osvdb.org/17424 XForce ISS Database: cacti-configsettings-sql-injection(21120) https://exchange.xforce.ibmcloud.com/vulnerabilities/21120 Common Vulnerability Exposure (CVE) ID: CVE-2005-1526 BugTraq ID: 14028 http://www.securityfocus.com/bid/14028 http://www.idefense.com/application/poi/display?id=266&type=vulnerabilities http://www.osvdb.org/17425 XForce ISS Database: cacti-configsettings-file-include(21119) https://exchange.xforce.ibmcloud.com/vulnerabilities/21119
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.