Test ID: 1.3.6.1.4.1.25623.1.0.55070
Category: Conectiva Local Security Checks
Title: Conectiva Security Advisory CLSA-2005:978 (cacti)
Summary: NOSUMMARY

Description:

The remote host is missing updates announced in advisory CLSA-2005:978.

1. CVE-2005-1524: Cacti contains an input validation error in the top_graph_header.php script that allows an attacker to include arbitrary PHP code from remote sites. This in effect allows arbitrary code execution with the privileges of the web server.

2. CVE-2005-1525: Cacti contains an input validation error in the config_settings.php script which allows an attacker to execute arbitrary SQL queries. This in effect allows an attacker to recover the administrative password for the Cacti installation. Various scripts are vulnerable to SQL injection using the 'id' variable.

3. CVE-2005-1526: Cacti contains an input validation error in the config_settings.php script which allows an attacker to include arbitrary PHP code from remote sites. This in effect allows arbitrary code execution with the privileges of the web server.

IMPORTANT

For Conectiva Linux 10: The cacti cron command must be changed from '/srv/www/default/html/cacti/cmd.php' to '/srv/www/default/html/cacti/poller.php' in order to get the new cacti working properly.

For Conectiva Linux 9: The database must be converted in order to make cacti work again, and the above cron change must also be applied.

For additional information on upgrading cacti, please refer to the file /srv/www/default/html/cacti/docs/INSTALL included in the package.

Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade'.

References:
- http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000978
- http://www.cacti.net
- http://www.idefense.com/application/poi/display?id=265&type=vulnerabilities&flashstatus=true
- http://www.idefense.com/application/poi/display?id=267&type=vulnerabilities&flashstatus=true
- http://www.idefense.com/application/poi/display?id=266&type=vulnerabilities&flashstatus=true

Risk factor: High
CVSS Score: 7.5

Cross-Ref:

CVE-2005-1524
- Conectiva Linux advisory: CLSA-2005:978 http://distro.conectiva.com/atualizacoes/index.php?id=a&anuncio=000978
- Debian Security Information: DSA-764 http://www.debian.org/security/2005/dsa-764
- http://www.gentoo.org/security/en/glsa/glsa-200506-20.xml
- http://www.idefense.com/application/poi/display?id=265&type=vulnerabilities&flashstatus=true
- http://www.osvdb.org/17426
- http://securitytracker.com/id?1014252
- http://secunia.com/advisories/15490
- http://secunia.com/advisories/15931
- http://secunia.com/advisories/16136
- XForce ISS Database: cacti-topgraphheader-file-include(21118) https://exchange.xforce.ibmcloud.com/vulnerabilities/21118

CVE-2005-1525
- BugTraq ID: 14027 http://www.securityfocus.com/bid/14027
- http://www.idefense.com/application/poi/display?id=267&type=vulnerabilities&flashstatus=true
- http://www.osvdb.org/17424
- XForce ISS Database: cacti-configsettings-sql-injection(21120) https://exchange.xforce.ibmcloud.com/vulnerabilities/21120

CVE-2005-1526
- BugTraq ID: 14028 http://www.securityfocus.com/bid/14028
- http://www.idefense.com/application/poi/display?id=266&type=vulnerabilities
- http://www.osvdb.org/17425
- XForce ISS Database: cacti-configsettings-file-include(21119) https://exchange.xforce.ibmcloud.com/vulnerabilities/21119

Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com