cacti: incomplete and incorrect input parsing leads to remote code execution and SQL injection attacks (bug#0002455 CVE-2014-5261 CVE-2014-5262)
A patch has been released that fixes one more security issue in cacti 0.8.8 and 0.8.9:
http://svn.cacti.net/viewvc?view=rev&revision=7454
(from redmine: issue id 3295, created on 2014-08-15, closed on 2014-08-22)
- Relations:
  - child #3296 (closed)
  - child #3297 (closed)
  - child #3298 (closed)
  - child #3299 (closed)
- Changesets:
  - Revision 89757940 by Natanael Copa on 2014-08-21T08:49:46Z:
    main/cacti: fix from upstream for incomplete and incorrect input parsing
    ref #3295
    http://svn.cacti.net/viewvc?view=rev&revision=7454
  - Revision 91e5cd94 by Natanael Copa on 2014-08-21T08:51:34Z:
    main/cacti: fix from upstream for incomplete and incorrect input parsing
    ref #3295
    fixes #3299
    http://svn.cacti.net/viewvc?view=rev&revision=7454
  - Revision 2f21ad27 by Natanael Copa on 2014-08-21T08:59:19Z:
    main/cacti: fix from upstream for incomplete and incorrect input parsing
    ref #3295
    fixes #3298
    http://svn.cacti.net/viewvc?view=rev&revision=7454
  - Revision 36c2984e by Natanael Copa on 2014-08-21T09:03:00Z:
    main/cacti: fix from upstream for incomplete and incorrect input parsing
    ref #3295
    fixes #3297
    http://svn.cacti.net/viewvc?view=rev&revision=7454
  - Revision 1121624a by Natanael Copa on 2014-08-21T09:07:24Z:
    main/cacti: fix from upstream for incomplete and incorrect input parsing
    ref #3295
    fixes #3296
    http://svn.cacti.net/viewvc?view=rev&revision=7454