-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2010:160
http://www.mandriva.com/security/
_______________________________________________________________________

Package : cacti
Date    : August 24, 2010
Affected: Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities have been found and corrected in cacti:

Multiple cross-site scripting (XSS) vulnerabilities in Cacti before
0.8.7f allow remote attackers to inject arbitrary web script or HTML
via the (1) hostname or (2) description parameter to host.php, or (3)
the host_id parameter to data_sources.php (CVE-2010-1644).

Cacti before 0.8.7f allows remote authenticated administrators to
execute arbitrary commands via shell metacharacters in (1) the FQDN
field of a Device or (2) the Vertical Label field of a Graph Template
(CVE-2010-1645).

Cross-site scripting (XSS) vulnerability in include/top_graph_header.php
in Cacti before 0.8.7g allows remote attackers to inject arbitrary web
script or HTML via the graph_start parameter to graph.php. NOTE: this
vulnerability exists because of an incorrect fix for CVE-2009-4032.2.b
(CVE-2010-2543).

Cross-site scripting (XSS) vulnerability in utilities.php in Cacti
before 0.8.7g allows remote attackers to inject arbitrary web script or
HTML via the filter parameter (CVE-2010-2544).
Multiple cross-site scripting (XSS) vulnerabilities in Cacti before
0.8.7g allow remote attackers to inject arbitrary web script or HTML
via (1) the name element in an XML template to templates_import.php;
and allow remote authenticated administrators to inject arbitrary web
script or HTML via vectors related to (2) cdef.php, (3) data_input.php,
(4) data_queries.php, (5) data_sources.php, (6) data_templates.php,
(7) gprint_presets.php, (8) graph.php, (9) graphs_new.php,
(10) graphs.php, (11) graph_templates_inputs.php,
(12) graph_templates_items.php, (13) graph_templates.php,
(14) graph_view.php, (15) host.php, (16) host_templates.php,
(17) lib/functions.php, (18) lib/html_form.php,
(19) lib/html_form_template.php, (20) lib/html.php,
(21) lib/html_tree.php, (22) lib/rrd.php, (23) rra.php, (24) tree.php,
and (25) user_admin.php (CVE-2010-2545).

This update provides cacti 0.8.7f, which is not vulnerable to these
issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2543
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2544
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2545
_______________________________________________________________________

Updated Packages:

Corporate 4.0:
4134297861a2b57c17204497c8e474d1 corporate/4.0/i586/cacti-0.8.7g-0.1.20060mlcs4.noarch.rpm
df74ca45bbe47160463f323828953474 corporate/4.0/SRPMS/cacti-0.8.7g-0.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
e61de1b8ead28de422c10643f60d3f91 corporate/4.0/x86_64/cacti-0.8.7g-0.1.20060mlcs4.noarch.rpm
df74ca45bbe47160463f323828953474 corporate/4.0/SRPMS/cacti-0.8.7g-0.1.20060mlcs4.src.rpm

Mandriva Enterprise Server 5:
7c9ae55dc3374c1c7fa848764447cf11 mes5/i586/cacti-0.8.7g-0.1mdvmes5.1.noarch.rpm
ab0da7a454014b307109c50308b5ab9f mes5/SRPMS/cacti-0.8.7g-0.1mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64:
fcda5deb37036ee6c5a784501ec32e70 mes5/x86_64/cacti-0.8.7g-0.1mdvmes5.1.noarch.rpm
ab0da7a454014b307109c50308b5ab9f mes5/SRPMS/cacti-0.8.7g-0.1mdvmes5.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

 gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMc6POmqjQ0CJFipgRAkUlAKDjSxc8B91AXSLUGYMFRdAKMwF8wQCfWrJs
OUFj7V09JyDhxeSAoB3w86k=
=LNa+
-----END PGP SIGNATURE-----
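Added example, not part of the advisory or of Mandriva's tooling: a POSIX shell check that compares packages against the md5 checksums listed in the "Updated Packages" section, for the case where the RPMs are fetched by hand instead of through urpmi (which performs this check itself). It assumes the packages were saved under one local directory using the advisory's relative paths; the checksum list and the verify_packages function are this example's own.

```shell
#!/bin/sh
# Checksum lines copied from the advisory's "Updated Packages" section
# (one "md5 relative-path" pair per line; the SRPMs are listed once).
ADVISORY_SUMS='4134297861a2b57c17204497c8e474d1 corporate/4.0/i586/cacti-0.8.7g-0.1.20060mlcs4.noarch.rpm
df74ca45bbe47160463f323828953474 corporate/4.0/SRPMS/cacti-0.8.7g-0.1.20060mlcs4.src.rpm
e61de1b8ead28de422c10643f60d3f91 corporate/4.0/x86_64/cacti-0.8.7g-0.1.20060mlcs4.noarch.rpm
7c9ae55dc3374c1c7fa848764447cf11 mes5/i586/cacti-0.8.7g-0.1mdvmes5.1.noarch.rpm
ab0da7a454014b307109c50308b5ab9f mes5/SRPMS/cacti-0.8.7g-0.1mdvmes5.1.src.rpm
fcda5deb37036ee6c5a784501ec32e70 mes5/x86_64/cacti-0.8.7g-0.1mdvmes5.1.noarch.rpm'

# verify_packages <checksum-list-file> <download-dir>
# Prints OK / MISMATCH / MISSING for every listed file and returns 0 only
# when all of them are present and match. A MISMATCH or MISSING package
# must not be installed; re-download it and check again.
verify_packages() {
    list=$1
    dir=$2
    rc=0
    while read -r expected relpath; do
        [ -n "$expected" ] || continue          # skip blank lines
        file="$dir/$relpath"
        if [ ! -f "$file" ]; then
            echo "MISSING   $relpath"
            rc=1
            continue
        fi
        actual=$(md5sum "$file" | cut -d' ' -f1)
        if [ "$actual" = "$expected" ]; then
            echo "OK        $relpath"
        else
            echo "MISMATCH  $relpath (expected $expected, got $actual)"
            rc=1
        fi
    done < "$list"
    return "$rc"
}

# Stand-alone use: ./verify_advisory.sh <download-dir> checks every package
# from the list above against that directory.
if [ "$#" -eq 1 ]; then
    list=$(mktemp)
    printf '%s\n' "$ADVISORY_SUMS" > "$list"
    verify_packages "$list" "$1"
    status=$?
    rm -f "$list"
    exit "$status"
fi
```

The md5 check only guards against a corrupted or swapped download; the GPG signature check that urpmi performs against the 0x22458A98 key is what ties a package to Mandriva.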