Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243592
Summary: CVE-2007-3112, CVE-2007-3113: cacti DoS vulnerabilities
Product: Fedora Extras
Version: f7
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: cacti
AssignedTo: mmcgrath@redhat.com
ReportedBy: ville.skytta@iki.fi
QAContact: extras-qa@fedoraproject.org
CC: fedora-security-list@redhat.com
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3112 "Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_start or (2) graph_end parameter."
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3113 "Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_height or (2) graph_width parameter."
The patch linked to in the reports applies to 0.8.6j too.
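The two NVD entries above describe the same class of problem: integer request parameters (the time window and the image dimensions) are handed to the graph renderer without an upper bound, so a large value makes the server burn CPU. The snippet below is an added illustration of that class of fix, written for this page; it is not Cacti's graph_image.php, not the patch linked from the CVEs, and not the code shipped in 0.8.6j-8.fc7. The function name bound_graph_params, the limits MAX_GRAPH_DIMENSION and MAX_GRAPH_SPAN_SECS, and the two sample requests are all assumptions made for the example.

```php
<?php
// Added illustration, not Cacti's own code or the linked patch. It shows the
// class of fix the CVE descriptions call for: reject user-supplied graph
// parameters that fall outside a sane range before they reach the renderer.
// MAX_GRAPH_DIMENSION and MAX_GRAPH_SPAN_SECS are assumed limits for this
// example; a real deployment would pick values that fit its own templates.

const MAX_GRAPH_DIMENSION = 4096;               // assumed: pixels per axis
const MAX_GRAPH_SPAN_SECS = 10 * 365 * 86400;   // assumed: ten years of data

/**
 * Validate graph_start, graph_end, graph_height and graph_width taken from
 * a request array. Returns the four values as bounded integers, or null when
 * any value is missing, non-integer, out of range, or describes an empty,
 * inverted or excessively long time window. Callers should answer null with
 * an error instead of falling back to the raw request values.
 */
function bound_graph_params(array $req): ?array
{
    // Per-parameter [min, max]. FILTER_VALIDATE_INT rejects non-numeric
    // strings and values that do not fit a native int, so a huge decimal
    // string is refused rather than wrapped or truncated by an (int) cast.
    $limits = [
        'graph_start'  => [0, PHP_INT_MAX],
        'graph_end'    => [0, PHP_INT_MAX],
        'graph_height' => [1, MAX_GRAPH_DIMENSION],
        'graph_width'  => [1, MAX_GRAPH_DIMENSION],
    ];

    $out = [];
    foreach ($limits as $key => [$min, $max]) {
        $value = filter_var(
            $req[$key] ?? null,
            FILTER_VALIDATE_INT,
            ['options' => ['min_range' => $min, 'max_range' => $max]]
        );
        if ($value === false) {
            return null;
        }
        $out[$key] = $value;
    }

    // An end-before-start window is meaningless, and a window longer than
    // MAX_GRAPH_SPAN_SECS is refused because rendering cost grows with the
    // amount of data that has to be consolidated for the graph.
    if ($out['graph_end'] <= $out['graph_start']) {
        return null;
    }
    if ($out['graph_end'] - $out['graph_start'] > MAX_GRAPH_SPAN_SECS) {
        return null;
    }

    return $out;
}

// Constructed sample requests for the demonstration, not captured traffic.
$normal = [
    'graph_start'  => '1181779200',
    'graph_end'    => '1181865600',
    'graph_height' => '120',
    'graph_width'  => '500',
];
$oversized = [
    'graph_start'  => '0',
    'graph_end'    => '999999999999',
    'graph_height' => '999999999',
    'graph_width'  => '500',
];

var_dump(bound_graph_params($normal) !== null);
var_dump(bound_graph_params($oversized) === null);
```

The point of routing every parameter through filter_var with an explicit range is that the check fails closed: a non-numeric value, a value larger than the platform's int, and a value that is merely larger than the configured limit all take the same rejection path, so no branch is left in which the raw request value reaches the renderer.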
mmcgrath@redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
------- Additional Comments From mmcgrath@redhat.com 2007-06-14 12:53 EST -------
Sorry, I'm not following; it seems that 0.8.6j has been fixed for these bugs. Can you show me where you are finding otherwise?
------- Additional Comments From ville.skytta@iki.fi 2007-06-14 13:10 EST -------
Like I mentioned, that patch, to which both of the CVEs link, applies to 0.8.6j too. I haven't checked beyond that.
$ make prep
[...]
$ cd cacti-0.8.6j
$ curl -s "http://svn.cacti.net/cgi-bin/viewcvs.cgi/branches/BRANCH_0_8_6/cacti/graph_i..." | patch -p3
patching file graph_image.php
Hunk #1 succeeded at 51 (offset 2 lines).
bugzilla@redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Product|Fedora Extras               |Fedora

kevin@tummy.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kevin@tummy.com
------- Additional Comments From kevin@tummy.com 2007-09-13 20:15 EST -------
Any further word here? Is 0.8.6j vulnerable?
------- Additional Comments From mmcgrath@redhat.com 2007-09-14 17:08 EST -------
Confirmed, it is. I'll apply the patches and push soon. It has been fixed in 0.8.7 already, but that is not an official release yet.
------- Additional Comments From updates@fedoraproject.org 2007-09-17 23:24 EST -------
cacti-0.8.6j-8.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
updates@fedoraproject.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |CLOSED
         Resolution|                            |ERRATA
   Fixed In Version|                            |0.8.6j-8.fc7