Bug 261509 - <net-analyzer/centreon-1.4.2.8 remote file inclusion
Summary: <net-analyzer/centreon-1.4.2.8 remote file inclusion
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
: High trivial
Assignee: Gentoo Security
Whiteboard: ~1 [noglsa]
Reported: 2009-03-07 00:14 UTC by Robert Buchholz (RETIRED)
Modified: 2011-10-11 16:05 UTC

Description Robert Buchholz (RETIRED) gentoo-dev 2009-03-07 00:14:59 UTC
Centreon 1.4.2.8 before the (unreleased) 1.4.2.8 branch seems to suffer from a remote file inclusion vulnerability:
http://trac.centreon.com/changeset/7115/branches/centreon-1.4.2.8

Note that 2.x seems to be unaffected, however an SQL injection vulnerability has been discovered there ( http://trac.centreon.com/changeset/7582/trunk/centreon/www/main.php ) and is fixed in the 2.0 branch: http://trac.centreon.com/changeset/7581/branches/centreon-2.0.x
Comment 1 Benedikt Böhm (RETIRED) gentoo-dev 2009-04-19 17:37:22 UTC
fixed in 1.2.4.7, still hard masked for nagios-3 and path_sanity.patch testing
Comment 2 Benedikt Böhm (RETIRED) gentoo-dev 2009-04-19 17:39:07 UTC
eh, closed by accident
Comment 3 Pierre-Yves Rofes (RETIRED) gentoo-dev 2009-04-19 17:44:55 UTC
(In reply to comment #2)
> eh, closed by accident
> 

no problem, it can be closed since it's ~arch only.
Thanks.
Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2009-04-19 18:37:22 UTC
.. but only after it is out of p.mask
Comment 5 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-08-01 11:08:00 UTC
(In reply to comment #1)
> fixed in 1.2.4.7, still hard masked for nagios-3 and path_sanity.patch testing
> 

Ping, what is the status here?
Comment 6 Benedikt Böhm (RETIRED) gentoo-dev 2009-08-01 12:38:24 UTC
unfortunately i have no time to test this release atm, it's a monster and i'm happy my installation still works. maybe i can find some time to backport only the security patch in the next week, and make a revbump
Comment 7 Agostino Sarubbo gentoo-dev 2011-10-11 14:19:20 UTC
Closing as INVALID: the package is no longer in the main tree and it was never stable, so no GLSA is needed here.