Raxnet Cacti全域可读Config.php文件漏洞

漏洞信息详情

Raxnet Cacti全域可读Config.php文件漏洞

• CNNVD编号：CNNVD-200304-128
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2002-1479
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2003-04-22
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2006-08-28
  
• 厂        商：
  
  the_cacti_group
• 漏洞来源：
  Reported by Knight…

Cacti 0.6.8之前版本在config.php的纯文本中储存具有全域可读许可的MySQL用户名和密码。本地用户可以像Cacti用户一样修改数据库并可能提升特权。

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .
@securityfocus.com>

来源: BID
名称: 5628
链接:http://www.securityfocus.com/bid/5628

来源: XF
名称: cacti-config-world-readable(10049)
链接:http://www.iss.net/security_center/static/10049.php

来源: BUGTRAQ
名称: 20020903 Cacti security issues
链接:http://archives.neohapsis.com/archives/bugtraq/2002-09/0028.html

来源: www.knights-of-the-routing-table.org
链接:http://www.knights-of-the-routing-table.org/advisories/krt_001_20020903_cacti.txt