Cacti: official forums and support
 Post subject: cacti 0.6.8a Out
PostPosted: Thu Sep 05, 2002 10:03 pm 
Lead Developer
A few security bugs prompted this small release. I also fixed a few bugs that have been annoying people for a while. The complete changelog:

Quote:
-bug: Unchecked string being passed to rrdtool caused a potential security
problem.
-bug: The logout functionality was broken for some users because of a missing
fourth argument.
-bug: Fixed some SNMP parsing problems.
-bug: Fixed a problem with using quotes for data source input.


Since this is a really small release, here is the diff as well:

Code:
diff -r cacti-0.6.8/cacti.sql cacti-0.6.8a/cacti.sql
1031c1031
< INSERT INTO src VALUES (1, 'Ping Host', 'perl <path_cacti>/scripts/ping.pl <num> <ip>', '<out_ms>', NULL);
---
> INSERT INTO src VALUES (1, 'Ping Host', 'perl <path_cacti>/scripts/ping.pl <ip>', '<out_ms>', NULL);
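Review bot: the new command string on line 1031 passes only <ip>, but the rewritten scripts/ping.pl later in this diff still runs ping -c $ARGV[0] $ARGV[1], so with a single argument the address lands in the count position and the host is empty. Either keep <num> in the command string and the 'num' field, or change ping.pl to take the host as its first argument; if the new scripts/ping-new.pl is the one-argument version, this row should name it instead.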
1064d1063
< INSERT INTO src_data VALUES (2, 2, 35, '2');
1117d1115
< INSERT INTO src_fields VALUES (2, 1, 'Times', 'num', 'in', '');
diff -r cacti-0.6.8/docs/CHANGELOG cacti-0.6.8a/docs/CHANGELOG
2a3,10
> 0.6.8a
> -bug: Unchecked string being passed to rrdtool caused a potential security
> problem.
> -bug: The logout funtionality was broken for some users because of a missing
> fourth argument.
> -bug: Fixed some SNMP parsing problems.
> -bug: Fixed a problem with using quotes for data source input.
>
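Review bot: the first entry does not say which input or page carried the unchecked string, so an administrator reading the changelog cannot tell whether their install is exposed or what to check afterwards. Name the affected file or input in the entry, and fix the spelling of "funtionality" in the second entry.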
diff -r cacti-0.6.8/ds_data_config.php cacti-0.6.8a/ds_data_config.php
76c76
<             $old_value = mysql_result($sql_id_data, 0, "value");
---
>             $old_value = htmlspecialchars(mysql_result($sql_id_data, 0, "value"));
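Review bot: on line 76 htmlspecialchars() is applied where the value is read from the database rather than where it is printed, so $old_value now holds the entity-encoded form for everything that uses it afterwards. If it is later compared with submitted input or written back, values containing &, <, > or double quotes will mismatch or end up double-encoded; keep the raw value in $old_value and encode at the point it is echoed into HTML. Unless ENT_QUOTES is passed, htmlspecialchars() in PHP of this era also leaves single quotes unencoded, so the value must sit inside a double-quoted attribute.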
diff -r cacti-0.6.8/include/rrd_functions.php cacti-0.6.8a/include/rrd_functions.php
25a26,29
> function escape_command($command) {
>    return ereg_replace("(\\\$)", "\\\\1", $command);
> }
>
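Review bot: escape_command() matches only the $ character, so the name promises more than the function does, and there is no comment explaining why $ is the one character that needs handling. Rename it to say what it does or document the intent above the function, and consider str_replace() for a single-character substitution, since the ereg_replace pattern with its stacked backslashes is hard to verify by eye.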
50c54
<       $fp = popen($config["path_rrdtool"]["value"] . escapeshellcmd(" $command_line"), "r");
---
>       $fp = popen($config["path_rrdtool"]["value"] . escape_command(" $command_line"), "r");
52c56
<       $fp = popen($config["path_rrdtool"]["value"] . escapeshellcmd(" $command_line"), "rb");
---
>       $fp = popen($config["path_rrdtool"]["value"] . escape_command(" $command_line"), "rb");
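Review bot: both popen() calls (lines 54 and 56) drop escapeshellcmd() in favour of escape_command(), which handles only $, so the other shell metacharacters that escapeshellcmd() neutralised now reach the shell unescaped inside $command_line. That widens exposure in a release whose changelog cites an unchecked string being passed to rrdtool. If escapeshellcmd() was mangling legitimate rrdtool arguments, quote each user-supplied value with escapeshellarg() where $command_line is assembled rather than relaxing the escaping at this call.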
diff -r cacti-0.6.8/log/rrd.log cacti-0.6.8a/log/rrd.log
0a1
>
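Review bot: log/rrd.log is a runtime file and the only change is one blank line, so it should not be part of the release diff. Ship it empty or create it on first write, and exclude it from the comparison.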
diff -r cacti-0.6.8/logout.php cacti-0.6.8a/logout.php
26c26
< setcookie(session_name(),"","","/");
---
> setcookie(session_name(),"",time() - 3600,"/");
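Review bot: the changelog describes this as a missing fourth argument, but the old call on line 26 already had four; what changes is the third (expiry) argument, from an empty string to time() - 3600. Correct the changelog wording, and confirm that logout.php also destroys the server-side session, since expiring the cookie only removes it from the browser.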
Only in cacti-0.6.8a/scripts: ping-new.pl
diff -r cacti-0.6.8/scripts/ping.pl cacti-0.6.8a/scripts/ping.pl
3,6c3,4
< if ($ARGV[0]=="x") {
<    $db = ":0";
<    $ARGV[0] = 2;
< }
---
> $ping = `ping -c $ARGV[0] $ARGV[1] -w 1 | grep icmp_seq`;
> $ping =~ s/(.*time=)(.*) (ms|usec)//;
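Review bot: on the new line 3, $ARGV[0] and $ARGV[1] are interpolated straight into a backtick command, so whatever is stored as the host address is parsed by the shell. Check that $ARGV[0] is an integer and that $ARGV[1] matches a hostname or IP address pattern before use, or run ping through a list-form open or system call so no shell is involved. The removed lines had the same pattern, so this is worth fixing while the script is being rewritten.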
8,11c6
< $response = `ping $ARGV[1] -c $ARGV[0] |grep round-trip| awk '\{print \$4 \}' | awk -F / '\{print \$1 \}' | grep -v "Warning"`;
< chomp $response;
< $response = $response;
< print "$response$db";
---
> print $2;
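Review bot: print $2 on the new line 6 runs whether or not the substitution on line 4 matched, so a host that does not answer yields empty output rather than an explicit failure value. Test the result of the s/// and print a defined value on failure. The (ms|usec) unit is also discarded, so a reply reported in usec is printed on the same scale as one in ms; normalise to one unit before printing.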


-Ian

