Bug 585401 (BONSAI-2010-0104, CVE-2010-1431)

Summary: CVE-2010-1431 cacti: SQL injection vulnerability (BONSAI-2010-0104)
Product: [Other] Security Response
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Reporter: Vincent Danen <vdanen>
Assignee: Red Hat Product Security <security-response-team>
CC: jlieskov, mmcgrath, ocs2, plautrba
Keywords: Security
Doc Type: Bug Fix
Last Closed: 2010-12-21 22:45:24 UTC
Bug Depends On: 541684, 585207, 585402

Description Vincent Danen 2010-04-23 21:26:14 UTC
An SQL injection vulnerability was reported in cacti [1].  Input passed via the 'export_item_id' parameter to the templates_export.php script is not properly sanitized prior to being used in an SQL query.  Upstream has provided a patch to correct this issue [2].

[1] http://seclists.org/fulldisclosure/2010/Apr/272
[2] http://www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_export.patch
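The mechanism described in the report, as an added illustration that is not part of the bug report or of Cacti's code: a Python/sqlite3 stand-in in which the 'export_item_id' request value is spliced into the query text, beside a hardened variant that first validates the value as a plain integer and then binds it as a query parameter. The table and column names, the helper names and the attacker payload are constructed for this demo and are not Cacti's schema; the actual upstream fix is the patch linked in [2].

```python
import re
import sqlite3


# Constructed in-memory stand-in for the tables an export script might read.
# Table and column names are assumptions for the demo, not Cacti's schema.
def setup_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE host_template (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE user_auth (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO host_template VALUES (1, 'Generic SNMP-enabled Host');
        INSERT INTO host_template VALUES (2, 'Local Linux Machine');
        INSERT INTO user_auth VALUES (1, 'admin', 'hash-of-admin-password');
        """
    )
    return conn


def export_template_vulnerable(conn, export_item_id):
    """The bug class: the request parameter is concatenated into the SQL text,
    so anything after the expected number becomes part of the query."""
    sql = "SELECT name FROM host_template WHERE id=" + export_item_id
    return [row[0] for row in conn.execute(sql)]


_NUMERIC = re.compile(r"^[0-9]+$")


def is_valid_export_item_id(value):
    """True only for a plain non-negative integer string (hypothetical check;
    Cacti's own input validation helpers are not reproduced here)."""
    return bool(_NUMERIC.match(value))


def validate_input_number(value):
    """Reject anything that is not a plain non-negative integer string."""
    if not is_valid_export_item_id(value):
        raise ValueError("export_item_id must be a non-negative integer")
    return int(value)


def export_template_hardened(conn, export_item_id):
    """Validate the parameter as a number, then bind it instead of splicing it in.
    Either measure alone closes this injection; doing both is defence in depth."""
    item_id = validate_input_number(export_item_id)
    rows = conn.execute("SELECT name FROM host_template WHERE id=?", (item_id,))
    return [row[0] for row in rows]


# Constructed attacker value: a valid id followed by a UNION that pulls
# credentials out of an unrelated table through the same result set.
PAYLOAD = "1 UNION SELECT username || ':' || password FROM user_auth"


if __name__ == "__main__":
    db = setup_db()
    print("vulnerable, benign id:", export_template_vulnerable(db, "1"))
    print("vulnerable, payload:  ", export_template_vulnerable(db, PAYLOAD))
    print("hardened, benign id:  ", export_template_hardened(db, "1"))
    try:
        export_template_hardened(db, PAYLOAD)
    except ValueError as err:
        print("hardened, payload:     rejected:", err)
```

With the payload, the vulnerable function returns the legitimate template name plus the admin credential row from the unrelated table; the hardened function rejects the same value before any query is built. The numeric check is the cheap fix for an id parameter that is only ever an integer; binding the value as a parameter is the general fix that also covers string inputs.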

Comment 1 Vincent Danen 2010-04-23 21:27:50 UTC
Created cacti tracking bugs for this issue

Affects: fedora-all [bug 585402]

Comment 2 Vincent Danen 2010-04-26 19:27:21 UTC
bug 585207 has addressed this in Fedora and EPEL.

Comment 3 Vincent Danen 2010-04-26 19:52:47 UTC
This has been assigned CVE-2010-1431.

Comment 4 Tomas Hoger 2010-06-29 09:05:37 UTC
Direct link to BONSAI-2010-0104 advisory:

http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-sql-injection-0104.php

Comment 5 errata-xmlrpc 2010-08-20 02:42:32 UTC
This issue has been addressed in the following products:

  Red Hat HPC Solution for RHEL 5

Via RHSA-2010:0635 https://rhn.redhat.com/errata/RHSA-2010-0635.html