Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200408-21] Cacti: SQL injection vulnerability Vulnerability Scan
Vulnerability Scan Summary Cacti: SQL injection vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200408-21
(Cacti: SQL injection vulnerability)
Cacti is vulnerable to a SQL injection attack where an attacker may inject
SQL into the Username field.
Impact
An attacker could compromise the Cacti service and potentially execute
programs with the permissions of the user running Cacti. Only systems with
php_flag magic_quotes_gpc set to Off are vulnerable. By default, Gentoo
Linux installs PHP with this option set to On.
Workaround
There is no known workaround at this time. All users are encouraged to
upgrade to the latest available version of Cacti.
References:
http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0717.html
Solution:
All users should upgrade to the latest available version of Cacti, as
follows:
# emerge sync
# emerge -pv ">=net-analyzer/cacti-0.8.5a-r1"
# emerge ">=net-analyzer/cacti-0.8.5a-r1"
Threat Level: Medium