| Problem Description |
SQL injection vulnerability in Cacti 0.8.6i and earlier, when
register_argc_argv is enabled, allows remote attackers to execute
arbitrary SQL commands via the (1) second or (2) third arguments to
cmd.php. NOTE: this issue can be leveraged to execute arbitrary
commands since the SQL query results are later used in the
polling_items array and popen function.
Updated packages are patched to address this issue.
| Updated Packages |
Corporate Server 4.0
5d8b682ea63e6f0624c38cc8350206a9 corporate/4.0/i586/cacti-0.8.6f-3.1.20060mlcs4.noarch.rpm
b61668c2bb193cbad1a097a674405017 corporate/4.0/SRPMS/cacti-0.8.6f-3.1.20060mlcs4.src.rpm
Corporate Server 4.0/X86_64
8b9cf3a6ef01c3d6d72fe45796a6def5 corporate/4.0/x86_64/cacti-0.8.6f-3.1.20060mlcs4.noarch.rpm
b61668c2bb193cbad1a097a674405017 corporate/4.0/SRPMS/cacti-0.8.6f-3.1.20060mlcs4.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6799
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, verification of the MD5 checksum and GPG signature is performed automatically for you.
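The manual check described above as a script; this is an added example, not Mandriva's tooling. It assumes the package list from this advisory was saved to a file with one `<md5> <relative path>` entry per line; the function names and that manifest file are illustrative.

```shell
#!/bin/sh
# Added example (not Mandriva's tooling): verify a downloaded RPM against the
# advisory's package list, saved one "<md5> <relative path>" entry per line.

# Print the MD5 hex digest of a file.
md5_of() {
    md5sum "$1" | awk '{ print $1 }'
}

# Print the digest the manifest lists for a relative path; fail if absent.
# The lookup uses the full path, not the file name: the advisory lists the
# same noarch.rpm name under i586 and x86_64 with different digests.
expected_md5() {
    awk -v p="$2" '$2 == p { print $1; found = 1; exit }
                   END { exit !found }' "$1"
}

# check_digest MANIFEST REL_PATH FILE
# Returns 0 on match, 1 on mismatch, 2 if REL_PATH is not in the manifest.
check_digest() {
    want=$(expected_md5 "$1" "$2") || return 2
    got=$(md5_of "$3")
    [ "$got" = "$want" ] || return 1
}

# verify_rpm MANIFEST REL_PATH FILE
# Digest first (catches a corrupted or wrong-arch download), then the GPG
# signature, which needs the Mandriva Security Team key imported into rpm.
verify_rpm() {
    check_digest "$1" "$2" "$3" || return $?
    rpm --checksig "$3"
}

# Usage: sh verify.sh MANIFEST REL_PATH FILE
if [ "$#" -eq 3 ]; then verify_rpm "$@"; fi
```

A non-zero exit from `verify_rpm` means the package should not be installed: 1 or 2 come from the digest lookup, anything else from `rpm --checksig`.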
