Bug 60630 - net-analyzer/cacti SQL injection that allows bypass auth.
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: High normal
Assignee: Gentoo Security
Whiteboard: B3 [glsa] jaervosz
Reported: 2004-08-16 21:21 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2011-10-30 22:40 UTC
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-08-16 21:21:22 UTC
From FD:

a) Full path disclosure 
In several parts of the code, when anyone tries to open files in
directories that do not appear at first, like include,
lib, scripts, etc., an error appears allowing him to see the route where
the program is installed.


b) SQL injection and bypass the authentication. 
Injection of code is possible in the index.php file to pass auth.
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-08-16 21:26:38 UTC
Netmon, will you please verify that we are vulnerable and patch if needed?
Comment 2 Eldad Zack (RETIRED) gentoo-dev 2004-08-17 02:30:35 UTC
I'll prepare a patch for it.
Comment 3 Eldad Zack (RETIRED) gentoo-dev 2004-08-17 02:56:14 UTC
0.8.5a-r1 in portage, stable on x86.

Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-08-17 05:39:04 UTC
Security please draft GLSA
Comment 5 solar (RETIRED) gentoo-dev 2004-08-17 05:51:28 UTC
It should be noted that you _MUST_ back up a copy of your include/config.php 
before merging cacti or you will lose your database settings and cacti will have 
to be reconfigured.

cp /var/www/localhost/htdocs/cacti/include/config.php ~
emerge '>=net-analyzer/cacti-0.8.5a-r1'
cp ~/config.php /var/www/localhost/htdocs/cacti/include/config.php
Comment 6 Eldad Zack (RETIRED) gentoo-dev 2004-08-17 07:33:32 UTC
Hmm. I moved config.php to config-sample.php. That should handle that.
Comment 7 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-08-18 10:48:40 UTC
magic_quotes_gpc is on by default so this is not that big an issue.

Security please vote about GLSA publication.
Comment 8 solar (RETIRED) gentoo-dev 2004-08-18 22:36:53 UTC
Revision 1.49, Wed Jul 21 05:30:27 2004 UTC (4 weeks, 1 day ago) by iberry
Branch: MAIN
Changes since 1.48: +7 -10 lines
Diff to previous 1.48

remove security hazard

I vote yes.
Comment 9 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-08-19 01:04:47 UTC
GLSA drafted. Security please review.

This patch does not seem to solve the full path disclosure problem.
Comment 10 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-08-23 06:38:01 UTC
Path issue was not fixed but most web-apps suffer the same issue.

GLSA 200408-21