Summary: | <net-analyzer/cacti-0.8.8f-r1: SQL injection in graph.php (CVE-2015-{8369,8377}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | netmon |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1291778 | ||
Whiteboard: | B4 [glsa cve] | ||
Package list: | | Runtime testing required: | --- |
Description
Agostino Sarubbo
2015-12-16 08:30:37 UTC
Arch teams, please test and mark stable:
=net-analyzer/cacti-0.8.8f-r1
Targeted stable KEYWORDS : alpha amd64 hppa sparc x86

Stable on alpha.

amd64 stable

x86 stable

Stable for HPPA.

sparc stable.

Maintainer(s), please cleanup.
Security, please vote.

Arches, Thank you for your work.

GLSA Vote: Yes

New GLSA Request filed.

Maintainer(s), please drop the vulnerable version(s).

CVE-2015-8377 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8377):
SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted serialized data in the selected_graphs_array parameter in a save action.

This issue was resolved and addressed in GLSA 201607-05 at https://security.gentoo.org/glsa/201607-05 by GLSA coordinator Aaron Bauman (b-man).