Bug 541279 (CVE-2009-4032, CVE-2010-2543)
| Field | Value | Field | Value |
|---|---|---|---|
| Summary: | CVE-2009-4032 CVE-2010-2543 cacti: Multiple cross-site scripting flaws | | |
| Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | CC: | mmcgrath |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2021-10-19 09:09:30 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 541684, 541962 | | |
| Bug Blocks: | | | |
Description
Jan Lieskovsky
2009-11-25 13:19:30 UTC
This issue affects the versions of the cacti package as shipped with Fedora releases 10, 11, and 12 and as shipped within the Extra Packages for Enterprise Linux 4 (EPEL-4) and 5 (EPEL-5) projects. Please fix. This is CVE-2009-4032.

A more elaborate description of each particular issue (including reproducers) by Moritz Naumann is here: http://seclists.org/fulldisclosure/2009/Nov/291

Mitre's CVE-2009-4032 record:
-----------------------------
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) graph.php, (2) include/top_graph_header.php, (3) lib/html_form.php, and (4) lib/timespan_settings.php.

cacti-0.8.7e-3.el4 has been submitted as an update for Fedora EPEL 4.
http://admin.fedoraproject.org/updates/cacti-0.8.7e-3.el4

cacti-0.8.7e-3.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/cacti-0.8.7e-3.fc11

cacti-0.8.7e-3.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/cacti-0.8.7e-3.el5

cacti-0.8.7e-3.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/cacti-0.8.7e-3.fc10

cacti-0.8.7e-3.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/cacti-0.8.7e-3.fc12

cacti-0.8.7e-3.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.

cacti-0.8.7e-3.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.

cacti-0.8.7e-3.el4 has been pushed to the Fedora EPEL 4 stable repository. If problems still persist, please make note of it in this bug report.

cacti-0.8.7e-3.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.

Upstream fix does not properly address XSS 4. It adds validation for graph_start and graph_end, but that only happens after including include/top_graph_header.php, which may output those values without validation.

(In reply to comment #17)
> Upstream fix does not properly address XSS 4. It adds validation for
> graph_start and graph_end, but that only happens after including
> include/top_graph_header.php, which may output those values without
> validation.

This is now fixed upstream in 0.8.7g:
http://cacti.net/release_notes_0_8_7g.php
http://svn.cacti.net/viewvc/cacti/branches/0.8.7/include/top_graph_header.php?r1=6025&r2=6024
http://svn.cacti.net/viewvc?view=rev&revision=6025

(In reply to comment #17)
> Upstream fix does not properly address XSS 4. It adds validation for
> graph_start and graph_end, but that only happens after including
> include/top_graph_header.php, which may output those values without
> validation.

This got CVE-2010-2543.

This issue has been addressed in following products:

Red Hat HPC Solution for RHEL 5

Via RHSA-2010:0635 https://rhn.redhat.com/errata/RHSA-2010-0635.html
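The ordering defect described in comment #17, as an added PHP example that is not Cacti's code: `render_header()` is a hypothetical stand-in for what include/top_graph_header.php emits, `validate_timestamp()` stands in for the check the 0.8.7e patch added, and the two `graph_page_*` functions contrast the vulnerable and the corrected ordering.

```php
<?php
// Added illustration, not Cacti code. Names below are hypothetical.

// Stand-in for include/top_graph_header.php: it emits the timespan values
// it is handed. Whether that is safe depends on what the caller passes in.
function render_header(string $graph_start, string $graph_end): string {
    return '<input type="hidden" name="graph_start" value="' . $graph_start . '">'
         . '<input type="hidden" name="graph_end" value="' . $graph_end . '">';
}

// Stand-in for the validation the upstream patch added: timestamps must be
// plain unsigned integers, anything else is rejected.
function validate_timestamp(string $value): ?int {
    return preg_match('/^[0-9]+$/', $value) === 1 ? (int) $value : null;
}

// Vulnerable ordering: the header is included (and has already produced
// output) before graph_start/graph_end are validated, so the validation
// cannot protect the header's output.
function graph_page_vulnerable(array $get): string {
    $html  = render_header($get['graph_start'] ?? '', $get['graph_end'] ?? '');
    $start = validate_timestamp($get['graph_start'] ?? '');
    $end   = validate_timestamp($get['graph_end'] ?? '');
    if ($start === null || $end === null) {
        return $html . 'error: invalid timespan';   // raw input already emitted
    }
    return $html . "graph for $start..$end";
}

// Corrected ordering: validate before anything is output, and additionally
// escape on output so the header stays safe even if the order regresses.
function graph_page_fixed(array $get): string {
    $start = validate_timestamp($get['graph_start'] ?? '');
    $end   = validate_timestamp($get['graph_end'] ?? '');
    if ($start === null || $end === null) {
        return 'error: invalid timespan';           // nothing echoed yet
    }
    $html = render_header(
        htmlspecialchars((string) $start, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars((string) $end, ENT_QUOTES, 'UTF-8')
    );
    return $html . "graph for $start..$end";
}

// Constructed request: graph_end carries markup instead of a timestamp.
$request = ['graph_start' => '1259154000', 'graph_end' => '"><b>x</b>'];
echo graph_page_vulnerable($request), "\n"; // header reflects the raw markup
echo graph_page_fixed($request), "\n";      // request rejected before output
```

Running both functions on the same request shows why the 0.8.7e patch was insufficient: the check is correct, but it runs after the header has already reflected the unvalidated value.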