VRDA Feed by JPCERT/CC
Vulnerability Response Decision Assistance Feed: Information for vulnerability impact analysis



 
Vulnerability Analysis Result (Revision No: 1)
CVE-2010-1645
cacti: Cacti before 0.8.7f, as used in Red Hat High Perfor...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1645

Original

Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in (1) the FQDN field of a Device or (2) the Vertical Label field of a Graph Template.






About This Analysis Information
Analysis Information Provider: NIST NVD
First Published: 2010-08-23
Source Information Category: Advisory, Alert
Last Updated: 2010-08-25




Affected Product Tags
cpe:/a:cacti:cacti:0.5:-
cpe:/a:cacti:cacti:0.6
cpe:/a:cacti:cacti:0.6.1
cpe:/a:cacti:cacti:0.6.2
cpe:/a:cacti:cacti:0.6.3
cpe:/a:cacti:cacti:0.6.4
cpe:/a:cacti:cacti:0.6.5
cpe:/a:cacti:cacti:0.6.6
cpe:/a:cacti:cacti:0.6.7
cpe:/a:cacti:cacti:0.6.8
cpe:/a:cacti:cacti:0.6.8a
cpe:/a:cacti:cacti:0.8
cpe:/a:cacti:cacti:0.8.1
cpe:/a:cacti:cacti:0.8.2
cpe:/a:cacti:cacti:0.8.2a
cpe:/a:cacti:cacti:0.8.3
cpe:/a:cacti:cacti:0.8.3a
cpe:/a:cacti:cacti:0.8.4
cpe:/a:cacti:cacti:0.8.5
cpe:/a:cacti:cacti:0.8.5a
cpe:/a:cacti:cacti:0.8.6
cpe:/a:cacti:cacti:0.8.6a
cpe:/a:cacti:cacti:0.8.6b
cpe:/a:cacti:cacti:0.8.6c
cpe:/a:cacti:cacti:0.8.6d
cpe:/a:cacti:cacti:0.8.6f
cpe:/a:cacti:cacti:0.8.6g
cpe:/a:cacti:cacti:0.8.6h
cpe:/a:cacti:cacti:0.8.6i
cpe:/a:cacti:cacti:0.8.6j
cpe:/a:cacti:cacti:0.8.6k
cpe:/a:cacti:cacti:0.8.7
cpe:/a:cacti:cacti:0.8.7a
cpe:/a:cacti:cacti:0.8.7b
cpe:/a:cacti:cacti:0.8.7c
cpe:/a:cacti:cacti:0.8.7d
cpe:/a:cacti:cacti:0.8.7e and previous versions
 


Vulnerability Analysis Results
[Access Vector]
Undefined
Local
Adjacent Network
X Network

[Access Complexity]
Undefined
High
Medium
X Low

[Authentication]
Undefined
Multiple
X Single
None

[Confidentiality Impact]
Undefined
None
X Partial
Complete

[Integrity Impact]
Undefined
None
X Partial
Complete

[Availability Impact]
Undefined
None
X Partial
Complete

Alternatives




References
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=609115
CONFIRM http://www.cacti.net/release_notes_0_8_7f.php
CONFIRM http://svn.cacti.net/viewvc?view=rev&revision=5784
CONFIRM http://svn.cacti.net/viewvc?view=rev&revision=5782
CONFIRM http://svn.cacti.net/viewvc?view=rev&revision=5778
MISC http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-os-command-injection-0105.php
REDHAT RHSA-2010:0635
SECUNIA 41041

Vulnerability Type: Input Validation (CWE-20)





Copyright © 2010 JPCERT/CC All Rights Reserved.