cacti 0.6.8a Out

Important information about Cacti developments that all users should be interested in.

Moderators: Moderators, Developers

Post Reply
Author
Message
raX
Lead Developer
Posts: 2237
Joined: Sat Oct 13, 2001 7:00 pm
Location: Carlisle, PA
Contact:

cacti 0.6.8a Out

#1 Post by raX » Thu Sep 05, 2002 10:03 pm

A few security bugs prompted this small release. I also fixed a few bugs that have been annoying people for a while. The complete changelog:
-bug: Unchecked string being passed to rrdtool caused a potential security
problem.
-bug: The logout funtionality was broken for some users because of a missing
fourth argument.
-bug: Fixed some SNMP parsing problems.
-bug: Fixed a problem with using quotes for data source input.
Since this is a really small release, here is the diff as well:

Code: Select all

diff -r cacti-0.6.8/cacti.sql cacti-0.6.8a/cacti.sql
1031c1031
< INSERT INTO src VALUES (1, 'Ping Host', 'perl <path_cacti>/scripts/ping.pl <num> <ip>', '<out_ms>', NULL);
---
> INSERT INTO src VALUES (1, 'Ping Host', 'perl <path_cacti>/scripts/ping.pl <ip>', '<out_ms>', NULL);
1064d1063
< INSERT INTO src_data VALUES (2, 2, 35, '2');
1117d1115
< INSERT INTO src_fields VALUES (2, 1, 'Times', 'num', 'in', '');
diff -r cacti-0.6.8/docs/CHANGELOG cacti-0.6.8a/docs/CHANGELOG
2a3,10
> 0.6.8a
> -bug: Unchecked string being passed to rrdtool caused a potential security
> problem.
> -bug: The logout funtionality was broken for some users because of a missing
> fourth argument.
> -bug: Fixed some SNMP parsing problems.
> -bug: Fixed a problem with using quotes for data source input.
> 
diff -r cacti-0.6.8/ds_data_config.php cacti-0.6.8a/ds_data_config.php
76c76
< 				$old_value = mysql_result($sql_id_data, 0, "value");
---
> 				$old_value = htmlspecialchars(mysql_result($sql_id_data, 0, "value"));
diff -r cacti-0.6.8/include/rrd_functions.php cacti-0.6.8a/include/rrd_functions.php
25a26,29
> function escape_command($command) {
> 	return ereg_replace("(\\\$)", "\\\\1", $command);
> }
> 
50c54
< 		$fp = popen($config["path_rrdtool"]["value"] . escapeshellcmd(" $command_line"), "r");
---
> 		$fp = popen($config["path_rrdtool"]["value"] . escape_command(" $command_line"), "r");
52c56
< 		$fp = popen($config["path_rrdtool"]["value"] . escapeshellcmd(" $command_line"), "rb");
---
> 		$fp = popen($config["path_rrdtool"]["value"] . escape_command(" $command_line"), "rb");
diff -r cacti-0.6.8/log/rrd.log cacti-0.6.8a/log/rrd.log
0a1
> 
diff -r cacti-0.6.8/logout.php cacti-0.6.8a/logout.php
26c26
< setcookie(session_name(),"","","/");
---
> setcookie(session_name(),"",time() - 3600,"/");
Only in cacti-0.6.8a/scripts: ping-new.pl
diff -r cacti-0.6.8/scripts/ping.pl cacti-0.6.8a/scripts/ping.pl
3,6c3,4
< if ($ARGV[0]=="x") {
< 	$db = ":0";
< 	$ARGV[0] = 2;
< }
---
> $ping = `ping -c $ARGV[0] $ARGV[1] -w 1 | grep icmp_seq`;
> $ping =~ s/(.*time=)(.*) (ms|usec)//;
8,11c6
< $response = `ping $ARGV[1] -c $ARGV[0] |grep round-trip| awk '\{print \$4 \}' | awk -F / '\{print \$1 \}' | grep -v "Warning"`;
< chomp $response;
< $response = $response;
< print "$response$db";
---
> print $2;
-Ian

Post Reply