From FD: a) Full path disclosure In several parts of the code when anyone try to open files in directories who do not appear at first like: include, lib, scripts, etc. an error appears allowing to see the route him where is installed the program. <snip> b) SQL injection and bypass the authentication. Injection of code is possible in the index.php file to pass auth.
Netmon will you please verify that we are vulnerable and patch if needed. http://cvs.raxnet.net/cgi-bin/viewcvs.cgi/cacti/auth_login.php
yep. I'll prepare a patch for it.
0.8.5a-r1 in portage, stable on x86.
Security please draft GLSA
It should be noted that you _MUST_ back up a copy of your include/config.php before merging cacti or you will lose your database settings and cacti will have to be reconfigured. cp /var/www/localhost/htdocs/cacti/include/config.php ~ emerge '>=net-analyzer/cacti-0.8.5a-r1' cp ~/config.php /var/www/localhost/htdocs/cacti/include/config.php
Hmm. I moved config.php to config-sample.php. that should handle that.
magic_quotes_gpc is on by default so this is not that big an issue. Security please vote about GLSA publication.
Revision 1.49 / (view) - annotate - [select for diffs] , Wed Jul 21 05:30:27 2004 UTC (4 weeks, 1 day ago) by iberry Branch: MAIN CVS Tags: HEAD Changes since 1.48: +7 -10 lines Diff to previous 1.48 remove security hazard ------------------------------ I vote yes.
GLSA drafted. Security please review. This patch does not seem to solve the full path disclosure problem.
Path issue was not fixed but most web-apps suffer the same issue. GLSA 200408-21