Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.5
CVE Id CVE-2010-1645
Last Modified 15 Feb 2012 11:03:14
Published 23 Aug 2010 06:00:02
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2010-1645

Summary

Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in (1) the FQDN field of a Device or (2) the Vertical Label field of a Graph Template.

Vulnerable Systems

Application

  • Cacti 0.5

  • Cacti 0.6

  • Cacti 0.6.1

  • Cacti 0.6.2

  • Cacti 0.6.3

  • Cacti 0.6.4

  • Cacti 0.6.5

  • Cacti 0.6.6

  • Cacti 0.6.7

  • Cacti 0.6.8

  • Cacti 0.6.8a

  • Cacti 0.8

  • Cacti 0.8.1

  • Cacti 0.8.2

  • Cacti 0.8.2a

  • Cacti 0.8.3

  • Cacti 0.8.3a

  • Cacti 0.8.4

  • Cacti 0.8.5

  • Cacti 0.8.5a

  • Cacti 0.8.6

  • Cacti 0.8.6a

  • Cacti 0.8.6b

  • Cacti 0.8.6c

  • Cacti 0.8.6d

  • Cacti 0.8.6f

  • Cacti 0.8.6g

  • Cacti 0.8.6h

  • Cacti 0.8.6i

  • Cacti 0.8.6j

  • Cacti 0.8.6k

  • Cacti 0.8.7

  • Cacti 0.8.7a

  • Cacti 0.8.7b

  • Cacti 0.8.7c

  • Cacti 0.8.7d

  • Cacti 0.8.7e


References

REDHAT - RHSA-2010:0635

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=609115

CONFIRM - http://www.cacti.net/release_notes_0_8_7f.php

MISC - http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-os-command-injection-0105.php

CONFIRM - http://svn.cacti.net/viewvc?view=rev&revision=5784

CONFIRM - http://svn.cacti.net/viewvc?view=rev&revision=5782

CONFIRM - http://svn.cacti.net/viewvc?view=rev&revision=5778

SECUNIA - 41041

VUPEN - ADV-2010-2132

MANDRIVA - MDVSA-2010:160


Last Updated: 27 May 2016 10:58:16