Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > June 2005 > Gentoo - Three Security Advisories: 1. Cacti: Several vulnerabilities [GLSA 200506-20] -- 2. Trac: File upload vulnerability [GLSA 200506-21] -- 3. sudo: Arbitrary command execution [GLSA 200506-22]

June 2005

Gentoo - Three Security Advisories: 1. Cacti: Several vulnerabilities [GLSA 200506-20] -- 2. Trac: File upload vulnerability [GLSA 200506-21] -- 3. sudo: Arbitrary command execution [GLSA 200506-22]

ID: 00511
Ref: 471/2005
Date: 23 June 2005:15:54:17
Version: 1
Title: Gentoo - Three Security Advisories: 1. Cacti: Several vulnerabilities [GLSA 200506-20] -- 2. Trac: File upload vulnerability [GLSA 200506-21] -- 3. sudo: Arbitrary command execution [GLSA 200506-22]
Abstract:
Vendors affected: Gentoo
Operating systems affected: Gentoo
Applications affected: Gentoo

Title
=====
Gentoo - Three Security Advisories:
1. Cacti: Several vulnerabilities [GLSA 200506-20]
2. Trac: File upload vulnerability [GLSA 200506-21]
3. sudo: Arbitrary command execution [GLSA 200506-22]


Detail
======

Security Advisory summaries:

1. Cacti is vulnerable to several SQL injection and file inclusion
vulnerabilities.

2. Trac may allow remote attackers to upload files, possibly leading to
the execution of arbitrary code.

3. sudo allows a system administrator to give users the ability to run
commands as other users.

Security Advisory content follows:


1.


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200506-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Cacti: Several vulnerabilities
Date: June 22, 2005
Bugs: #96243
ID: 200506-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Cacti is vulnerable to several SQL injection and file inclusion
vulnerabilities.

Background
==========

Cacti is a complete web-based frontend to rrdtool.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-analyzer/cacti < 0.8.6e >= 0.8.6e

Description
===========

Cacti fails to properly sanitize input which can lead to SQL injection
as well as PHP file inclusion.

Impact
======

An attacker could potentially exploit the file inclusion to execute
arbitrary code with the permissions of the web server. An attacker
could exploit the SQL injection to gain information from the database.
Only systems with register_globals set to "On" are vulnerable to the
file inclusion bugs. Gentoo Linux ships with register_globals set to
"Off" by default.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Cacti users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/cacti-0.8.6e"

Note: Users with the vhosts USE flag set should manually use
webapp-config to finalize the update.

References
==========

[ 1 ] Cacti Release Notes
http://www.cacti.net/release_notes_0_8_6e.php
[ 2 ] iDEFENSE SQL injection advisory
http://www.idefense.com/application/poi/display?id=267&type=vulnerabilities&flashstatus=false
[ 3 ] iDEFENSE config_settings advisory
http://www.idefense.com/application/poi/display?id=266&type=vulnerabilities&flashstatus=false
[ 4 ] iDEFENSE remote file inclusion advisory
http://www.idefense.com/application/poi/display?id=265&type=vulnerabilities&flashstatus=false

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200506-20.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



2.



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200506-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Trac: File upload vulnerability
Date: June 22, 2005
Bugs: #96572
ID: 200506-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Trac may allow remote attackers to upload files, possibly leading to
the execution of arbitrary code.

Background
==========

Trac is a minimalistic web-based project management, wiki and bug
tracking system including a Subversion interface.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-apps/trac < 0.8.4 >= 0.8.4

Description
===========

Stefan Esser of the Hardened-PHP project discovered that Trac fails to
validate the "id" parameter when uploading attachments to the wiki or
the bug tracking system.

Impact
======

A remote attacker could exploit the vulnerability to upload arbitrary
files to a directory where the webserver has write access to, possibly
leading to the execution of arbitrary code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Trac users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/trac-0.8.4"

References
==========

[ 1 ] Hardened PHP Advisory 012005
http://www.hardened-php.net/advisory-012005.php

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200506-21.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



3.



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200506-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: sudo: Arbitrary command execution
Date: June 23, 2005
Bugs: #96618
ID: 200506-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in sudo may allow local users to elevate privileges.

Background
==========

sudo allows a system administrator to give users the ability to run
commands as other users.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-admin/sudo < 1.6.8_p9 >= 1.6.8_p9

Description
===========

The sudoers file is used to define the actions sudo users are permitted
to perform. Charles Morris discovered that a specific layout of the
sudoers file could cause the results of an internal check to be
clobbered, leaving sudo vulnerable to a race condition.

Impact
======

Successful exploitation would permit a local sudo user to execute
arbitrary commands as another user.

Workaround
==========

Reorder the sudoers file using the visudo utility to ensure the 'ALL'
pseudo-command precedes other command definitions.

Resolution
==========

All sudo users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/sudo-1.6.8_p9"

References
==========

[ 1 ] Sudo Announcement
http://www.sudo.ws/sudo/alerts/path_race.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200506-22.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |