|
|
>> Mandriva Security Update Fixes Cacti Remote SQL Injection Vulnerability
|
Title : Mandriva Security Update Fixes Cacti Remote SQL Injection Vulnerability
VUPEN ID : VUPEN/ADV-2007-3979
CVE ID : CVE-2007-6035
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-11-23
|
A vulnerability has been identified in Mandriva, which could be exploited by attackers to execute arbitrary SQL queries. This issue is caused by an error in Cacti. For additional information, see : VUPEN/ADV-2007-3911
Affected Products
Mandriva Corporate 4.0
Solution
Upgrade the affected packages :
Corporate 4.0:
7747b05a689d987c089670ae2f02d8e1 corporate/4.0/i586/cacti-0.8.6f-3.3.20060mlcs4.noarch.rpm
bde23b14c6a6de25adecb10eb87e5c00 corporate/4.0/SRPMS/cacti-0.8.6f-3.3.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
14628544bb359a37a58740b082fd14bb corporate/4.0/x86_64/cacti-0.8.6f-3.3.20060mlcs4.noarch.rpm
bde23b14c6a6de25adecb10eb87e5c00 corporate/4.0/SRPMS/cacti-0.8.6f-3.3.20060mlcs4.src.rpm
References
http://www.vupen.com/english/advisories/2007/3979
http://archives.mandrivalinux.com/security-announce/2007-11/msg00045.php
ChangeLog
2007-11-23 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
