Raxnet Cacti命令行执行漏洞

漏洞信息详情

Raxnet Cacti命令行执行漏洞

• CNNVD编号：CNNVD-200304-132
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2002-1477
  
• 漏洞类型：
  
  
  输入验证
  
• 发布时间：
  
  2003-04-22
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2006-08-28
  
• 厂        商：
  
  the_cacti_group
• 漏洞来源：
  Reported by Knight…

Cacti 0.6.8之前版本的graphs.php存在漏洞。远程Cacti认证管理者可以借助编辑模式标题中的shell元字符执行任意命令。

Fixes are available:
Raxnet Cacti 0.5

• Raxnet cacti-0.6.8a.tar.gz
  
  http://www.raxnet.net/downloads/cacti-0.6.8a.tar.gz

Raxnet Cacti 0.6

• Raxnet cacti-0.6.8a.tar.gz
  
  http://www.raxnet.net/downloads/cacti-0.6.8a.tar.gz

Raxnet Cacti 0.6.1

• Raxnet cacti-0.6.8a.tar.gz
  
  http://www.raxnet.net/downloads/cacti-0.6.8a.tar.gz

Raxnet Cacti 0.6.2

• Raxnet cacti-0.6.8a.tar.gz
  
  http://www.raxnet.net/downloads/cacti-0.6.8a.tar.gz

Raxnet Cacti 0.6.3

• Raxnet cacti-0.6.8a.tar.gz
  
  http://www.raxnet.net/downloads/cacti-0.6.8a.tar.gz

Raxnet Cacti 0.6.4

• Raxnet cacti-0.6.8a.tar.gz
  
  http://www.raxnet.net/downloads/cacti-0.6.8a.tar.gz

Raxnet Cacti 0.6.5

• Raxnet cacti-0.6.8a.tar.gz
  
  http://www.raxnet.net/downloads/cacti-0.6.8a.tar.gz

Raxnet Cacti 0.6.6

• Raxnet cacti-0.6.8a.tar.gz
  
  http://www.raxnet.net/downloads/cacti-0.6.8a.tar.gz

Raxnet Cacti 0.6.7

• Raxnet cacti-0.6.8a.tar.gz
  
  http://www.raxnet.net/downloads/cacti-0.6.8a.tar.gz

Raxnet Cacti 0.6.8

• Raxnet cacti-0.6.8a.tar.gz
  
  http://www.raxnet.net/downloads/cacti-0.6.8a.tar.gz

来源: XF
名称: cacti-graph-label-commands(10048)
链接:http://www.iss.net/security_center/static/10048.php

来源: DEBIAN
名称: DSA-164
链接:http://www.debian.org/security/2002/dsa-164

来源: BUGTRAQ
名称: 20020903 Cacti security issues
链接:http://archives.neohapsis.com/archives/bugtraq/2002-09/0028.html

来源: www.knights-of-the-routing-table.org
链接:http://www.knights-of-the-routing-table.org/advisories/krt_001_20020903_cacti.txt

来源: BID
名称: 5627
链接:http://www.securityfocus.com/bid/5627