Executive Summary
| Summary | |
|---|---|
| Title | New cacti packages fix several vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | DSA-1031 | First vendor Publication | 2006-04-08 |
| Vendor | Debian | Last vendor Modification | 2006-04-08 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Several vulnerabilities have been discovered in libphp-adodb, the 'adodb' database abstraction layer for PHP, which is embedded in cacti, a frontend to rrdtool for monitoring systems and services. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-0146 Andreas Sandblad discovered that improper user input sanitisation results in a potential remote SQL injection vulnerability enabling an attacker to compromise applications, access or modify data, or exploit vulnerabilities in the underlying database implementation. This requires the MySQL root password to be empty. It is fixed by limiting access to the script in question. CVE-2006-0147 A dynamic code evaluation vulnerability allows remote attackers to execute arbitrary PHP functions via the 'do' parameter. CVE-2006-0410 Andy Staudacher discovered an SQL injection vulnerability due to insufficient input sanitising that allows remote attackers to execute arbitrary SQL commands. CVE-2006-0806 GulfTech Security Research discovered multiple cross-site scripting vulnerabilities due to improper user-supplied input sanitisation. Attackers can exploit these vulnerabilities to cause arbitrary scripts to be executed in the browser of an unsuspecting user's machine, or result in the theft of cookie-based authentication credentials. The old stable distribution (woody) is not affected by these problems. For the stable distribution (sarge) these problems have been fixed in version 0.8.6c-7sarge3. For the unstable distribution these problems will be fixed soon. We recommend that you upgrade your cacti package. |
Original Source
| Url : http://www.debian.org/security/2006/dsa-1031 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 50 % | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25) |
| 50 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 4 | |
| Application | 2 | |
| Application | 1 | |
| Application | 1 | |
| Application | 1 | |
| Application | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200602-02 (ADOdb) File : nvt/glsa_200602_02.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200604-07 (Cacti) File : nvt/glsa_200604_07.nasl |
| 2008-09-04 | Name : FreeBSD Ports: cacti File : nvt/freebsd_cacti2.nasl |
| 2008-09-04 | Name : FreeBSD Ports: lifetype File : nvt/freebsd_lifetype.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1029-1 (libphp-adodb) File : nvt/deb_1029_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1030-1 (moodle) File : nvt/deb_1030_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1031-1 (cacti) File : nvt/deb_1031_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 23364 | ADOdb perf-oci8.inc.php XSS ADOdb for PHP contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to the perf-oci8.inc.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 23363 | ADOdb adodb-perf.inc.php XSS ADOdb for PHP contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to the adodb-perf.inc.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 23362 | ADOdb adodb-pager.inc.php Pagination XSS ADOdb for PHP contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate "next_page" and "PHP_SELF" variables upon submission to the adodb-pager.inc.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 22705 | ADOdb PostgreSQL Binary String SQL Injection ADOdb for PHP contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the software not properly sanitizing user-supplied input containing binary strings submitted to an unspecified script. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 22291 | ADOdb tmssql.php do Variable Arbitrary PHP Function Execution ADOdb contains a flaw that may allow a malicious user to execute arbitrary PHP functions via the 'do' parameter. The issue is triggered due to the insecure tests/tmssql.php test script. It is possible that the flaw may result in a loss of integrity. |
| 22290 | ADOdb server.php sql Parameter SQL Injection ADOdb contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the server.php script not properly sanitizing user-supplied input to the 'sql' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1029.nasl - Type : ACT_GATHER_INFO |
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1030.nasl - Type : ACT_GATHER_INFO |
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1031.nasl - Type : ACT_GATHER_INFO |
| 2006-05-13 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_116b0820d59c11da809800123ffe8333.nasl - Type : ACT_GATHER_INFO |
| 2006-04-17 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200604-07.nasl - Type : ACT_GATHER_INFO |
| 2006-02-10 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200602-02.nasl - Type : ACT_GATHER_INFO |
| 2006-01-10 | Name : The remote web server has a PHP script that allows execution of arbitrary code. File : adodb_do_cmd_execution.nasl - Type : ACT_ATTACK |
| 2006-01-10 | Name : The remote web server has a PHP script that is affected by a SQL injection flaw. File : adodb_sql_sql_injection.nasl - Type : ACT_ATTACK |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:25:39 |
|
