CVE-2010-1645

Sažetak

Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in (1) the FQDN field of a Device or (2) the Vertical Label field of a Graph Template.

Reference

http://secunia.com/advisories/41041
http://svn.cacti.net/viewvc?view=rev&revision=5778
http://svn.cacti.net/viewvc?view=rev&revision=5782
http://svn.cacti.net/viewvc?view=rev&revision=5784
http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-os-command-injection-0105.php
http://www.cacti.net/release_notes_0_8_7f.php
http://www.mandriva.com/security/advisories?name=MDVSA-2010:160
http://www.vupen.com/english/advisories/2010/2132
https://bugzilla.redhat.com/show_bug.cgi?id=609115
https://rhn.redhat.com/errata/RHSA-2010-0635.html

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

16-02-2012 - 04:03

Objavljeno

23-08-2010 - 22:00