Fixes for: CVE-2014-2326 Unspecified HTML Injection Vulnerability CVE-2014-2328 Unspecified Remote Command Execution Vulnerability CVE-2014-2708 Unspecified SQL Injection Vulnerability CVE-2014-2709 Unspecified Remote Command Execution Vulnerabilitydiff -r1.23 -r1.24 pkgsrc/net/cacti/Makefile
(adam)
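--- a/pkgsrc/net/cacti/Makefile
+++ b/pkgsrc/net/cacti/Makefile
@@ -1,24 +1,24 @@
-# $NetBSD: Makefile,v 1.23 2014/05/05 00:48:13 ryoon Exp $
+# $NetBSD: Makefile,v 1.24 2014/08/23 12:50:25 adam Exp $
 
 DISTNAME= cacti-0.8.8b
-PKGREVISION= 2
+PKGREVISION= 3
 CATEGORIES= net
 MASTER_SITES= http://www.cacti.net/downloads/
 
 MAINTAINER= pkgsrc-users@NetBSD.org
 HOMEPAGE= http://www.cacti.net/
 COMMENT= Frontend to rrdtool for monitoring systems and services
 LICENSE= gnu-gpl-v2
 
 USE_LANGUAGES= # none
 USE_TOOLS+= pax
 NO_BUILD= yes
 
 DEPENDS+= ${PHP_PKG_PREFIX}-mysql-[0-9]*:../../databases/php-mysql
 DEPENDS+= ${PHP_PKG_PREFIX}-snmp-[0-9]*:../../net/php-snmp
 DEPENDS+= ${PHP_PKG_PREFIX}-sockets-[0-9]*:../../net/php-sockets
 DEPENDS+= ${APACHE_PKG_PREFIX}-${PHP_PKG_PREFIX}-[0-9]*:../../www/ap-php
 
 .include "../../mk/bsd.prefs.mk"
 .include "../../lang/php/phpversion.mk"
 .include "../../mk/apache.mk"
@@ -29,38 +29,38 @@ PKG_GECOS.${CACTI_USER}= Cacti user
 PKG_HOME.${CACTI_USER}= ${CACTIDIR}
 PKG_SHELL.${CACTI_USER}= ${SH}
 PKG_USERS_VARS+= CACTI_USER
 PKG_GROUPS_VARS+= CACTI_GROUP
 
 BUILD_DEFS+= PKG_SYSCONFBASE
 PKG_SYSCONFSUBDIR?= httpd
 EGDIR= ${PREFIX}/share/examples/cacti
 CONF_FILES+= ${EGDIR}/httpd-cacti.conf ${PKG_SYSCONFDIR}/httpd-cacti.conf
 CACTIDIR= ${PREFIX}/share/cacti
 CACTI_LOGDIR?= ${CACTIDIR}/log
 CACTI_RRADIR?= ${CACTIDIR}/rra
 
 REPLACE_INTERPRETER+= php
 REPLACE.php.old= .*php[^ ]*
 REPLACE.php.new= ${PREFIX}/bin/php
 REPLACE_FILES.php= cli/*.php
 
 REPLACE_PERL+= scripts/*.pl
 
 MESSAGE_SUBST+= CACTIDIR=${CACTIDIR}
 MESSAGE_SUBST+= CACTI_USER=${CACTI_USER}
 MESSAGE_SUBST+= EGDIR=${EGDIR}
 MESSAGE_SUBST+= PREFIX=${PREFIX}
 MESSAGE_SUBST+= PKG_SYSCONFBASE=${PKG_SYSCONFBASE}
 FILES_SUBST+= CACTIDIR=${CACTIDIR}
 FILES_SUBST+= CACTI_GROUP=${CACTI_GROUP}
 FILES_SUBST+= CACTI_USER=${CACTI_USER}
 FILES_SUBST+= CACTI_LOGDIR=${CACTI_LOGDIR}
 
 SUBST_CLASSES+= paths
 SUBST_STAGE.paths= pre-configure
 SUBST_FILES.paths= ${WRKDIR}/httpd-cacti.conf install/index.php
 SUBST_FILES.paths+= include/global.php include/global_settings.php
 SUBST_FILES.paths+= ${WRKDIR}/cacti-poller
 SUBST_VARS.paths= CACTIDIR PREFIX CACTI_USER CACTI_LOGDIR CACTI_RRADIR
 SUBST_VARS.paths+= PKG_PHP_MAJOR_VERS SH
 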
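--- a/pkgsrc/net/cacti/distinfo
+++ b/pkgsrc/net/cacti/distinfo
@@ -1,11 +1,15 @@
-$NetBSD: distinfo,v 1.4 2014/01/08 20:51:28 tron Exp $
+$NetBSD: distinfo,v 1.5 2014/08/23 12:50:25 adam Exp $
 
 SHA1 (cacti-0.8.8b.tar.gz) = 84979416ae08d586064328d6451a3108b74a3b06
 RMD160 (cacti-0.8.8b.tar.gz) = a2c88961565c6b5d593b4f2603514139800c9145
 Size (cacti-0.8.8b.tar.gz) = 2272130 bytes
 SHA1 (patch-cacti.sql) = 37e18026c4136630d939ab5a7a4d6336bf166282
+SHA1 (patch-cdef.php) = ee898fcbb0da5db1a1127ba54fbf72c308df47eb
+SHA1 (patch-graph_xport.php) = 275717883721c674ab149e163be0ba780b86b11b
 SHA1 (patch-host.php) = 679fd76c81a719d949e023cecc4cc0c47ac6acf4
 SHA1 (patch-include_global.php) = fb0d2f15596b051c60ed6032ecb9038315b7c663
 SHA1 (patch-include_global__settings.php) = 54ffd0c3fc9d927595b1568a874c45a4a6033f7b
 SHA1 (patch-install_index.php) = e5ee36159968e1ca160aba953e02b9e80a2eb5d9
 SHA1 (patch-lib_api_device.php) = 0a2d495a0245c8957bfd5214a5e79dbb31f135c4
+SHA1 (patch-lib_graph_export.php) = ef91e864bc830653fbcf490419d39511aa7a258e
+SHA1 (patch-lib_rrd.php) = cf7483d9a67f9f146d130de7da86a0f37f1041c9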
$NetBSD: patch-cdef.php,v 1.1 2014/08/23 12:50:25 adam Exp $
Fixes for:
CVE-2014-2326 Unspecified HTML Injection Vulnerability
CVE-2014-2328 Unspecified Remote Command Execution Vulnerability
CVE-2014-2708 Unspecified SQL Injection Vulnerability
CVE-2014-2709 Unspecified Remote Command Execution Vulnerability
--- cdef.php.orig 2013-08-06 22:31:19.000000000 -0400
+++ cdef.php 2014-04-04 21:39:04.000000000 -0400
@@ -431,7 +431,7 @@
<a class="linkEditMain" href="<?php print htmlspecialchars("cdef.php?action=item_edit&id=" . $cdef_item["id"] . "&cdef_id=" . $cdef["id"]);?>">Item #<?php print htmlspecialchars($i);?></a>
</td>
<td>
- <em><?php $cdef_item_type = $cdef_item["type"]; print $cdef_item_types[$cdef_item_type];?></em>: <strong><?php print get_cdef_item_name($cdef_item["id"]);?></strong>
+ <em><?php $cdef_item_type = $cdef_item["type"]; print $cdef_item_types[$cdef_item_type];?></em>: <strong><?php print htmlspecialchars(get_cdef_item_name($cdef_item["id"]));?></strong>
</td>
<td>
<a href="<?php print htmlspecialchars("cdef.php?action=item_movedown&id=" . $cdef_item["id"] . "&cdef_id=" . $cdef["id"]);?>"><img src="images/move_down.gif" border="0" alt="Move Down"></a>
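Review bot: The same `<td>` still prints `$cdef_item_types[$cdef_item_type]` unescaped immediately before the newly escaped `get_cdef_item_name()` call, so the line now mixes escaped and unescaped output. If `$cdef_item_types` is a fixed label table defined outside this hunk that is safe, but a one-line comment such as `<?php /* $cdef_item_types is a static label table; only the DB-sourced item name needs escaping */ ?>` would make the trust boundary explicit to the next maintainer. The enclosing loop and function start and end outside the hunk.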
diff -ruBbd graph_xport.php graph_xport.php
$NetBSD: patch-graph_xport.php,v 1.1 2014/08/23 12:50:25 adam Exp $
Fixes for:
CVE-2014-2326 Unspecified HTML Injection Vulnerability
CVE-2014-2328 Unspecified Remote Command Execution Vulnerability
CVE-2014-2708 Unspecified SQL Injection Vulnerability
CVE-2014-2709 Unspecified Remote Command Execution Vulnerability
--- graph_xport.php.orig 2013-08-06 22:31:19.000000000 -0400
+++ graph_xport.php 2014-04-04 21:39:04.000000000 -0400
@@ -47,43 +47,48 @@
$graph_data_array = array();
+/* ================= input validation ================= */
+input_validate_input_number(get_request_var("local_graph_id"));
+input_validate_input_number(get_request_var("rra_id"));
+/* ==================================================== */
+
/* override: graph start time (unix time) */
-if (!empty($_GET["graph_start"]) && $_GET["graph_start"] < 1600000000) {
- $graph_data_array["graph_start"] = $_GET["graph_start"];
+if (!empty($_GET["graph_start"]) && is_numeric($_GET["graph_start"] && $_GET["graph_start"] < 1600000000)) {
+ $graph_data_array["graph_start"] = get_request_var("graph_start");
}
/* override: graph end time (unix time) */
-if (!empty($_GET["graph_end"]) && $_GET["graph_end"] < 1600000000) {
- $graph_data_array["graph_end"] = $_GET["graph_end"];
+if (!empty($_GET["graph_end"]) && is_numeric($_GET["graph_end"]) && $_GET["graph_end"] < 1600000000) {
+ $graph_data_array["graph_end"] = get_request_var("graph_end");
}
/* override: graph height (in pixels) */
-if (!empty($_GET["graph_height"]) && $_GET["graph_height"] < 3000) {
- $graph_data_array["graph_height"] = $_GET["graph_height"];
+if (!empty($_GET["graph_height"]) && is_numeric($_GET["graph_height"]) && $_GET["graph_height"] < 3000) {
+ $graph_data_array["graph_height"] = get_request_var("graph_height");
}
/* override: graph width (in pixels) */
-if (!empty($_GET["graph_width"]) && $_GET["graph_width"] < 3000) {
- $graph_data_array["graph_width"] = $_GET["graph_width"];
+if (!empty($_GET["graph_width"]) && is_numeric($_GET["graph_width"]) && $_GET["graph_width"] < 3000) {
+ $graph_data_array["graph_width"] = get_request_var("graph_width");
}
/* override: skip drawing the legend? */
if (!empty($_GET["graph_nolegend"])) {
- $graph_data_array["graph_nolegend"] = $_GET["graph_nolegend"];
+ $graph_data_array["graph_nolegend"] = get_request_var("graph_nolegend");
}
/* print RRDTool graph source? */
if (!empty($_GET["show_source"])) {
- $graph_data_array["print_source"] = $_GET["show_source"];
+ $graph_data_array["print_source"] = get_request_var("show_source");
}
-$graph_info = db_fetch_row("SELECT * FROM graph_templates_graph WHERE local_graph_id='" . $_REQUEST["local_graph_id"] . "'");
+$graph_info = db_fetch_row("SELECT * FROM graph_templates_graph WHERE local_graph_id='" . get_request_var("local_graph_id") . "'");
/* for bandwidth, NThPercentile */
$xport_meta = array();
/* Get graph export */
-$xport_array = @rrdtool_function_xport($_GET["local_graph_id"], $_GET["rra_id"], $graph_data_array, $xport_meta);
+$xport_array = @rrdtool_function_xport($_GET["local_graph_id"], get_request_var("rra_id"), $graph_data_array, $xport_meta);
/* Make graph title the suggested file name */
if (is_array($xport_array["meta"])) {
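Review bot: The new `graph_start` check has a misplaced parenthesis: `is_numeric($_GET["graph_start"] && $_GET["graph_start"] < 1600000000)` passes the boolean result of `&&` to `is_numeric()`, which returns false for a bool, so the `graph_start` override can never be applied. It should read like the `graph_end` check that follows it: `if (!empty($_GET["graph_start"]) && is_numeric($_GET["graph_start"]) && $_GET["graph_start"] < 1600000000) {`. Separately, the `rrdtool_function_xport(...)` call still reads `$_GET["local_graph_id"]` directly while every other value in the hunk goes through `get_request_var()`; using `get_request_var("local_graph_id")` there keeps the access path uniform. The `db_fetch_row` query still builds SQL by concatenation and is protected only by the `input_validate_input_number()` call added at the top of the hunk, which deserves a comment at the query, e.g. `/* local_graph_id is validated as numeric above; keep the two in sync */`.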
$NetBSD: patch-lib_graph_export.php,v 1.1 2014/08/23 12:50:25 adam Exp $
Fixes for:
CVE-2014-2326 Unspecified HTML Injection Vulnerability
CVE-2014-2328 Unspecified Remote Command Execution Vulnerability
CVE-2014-2708 Unspecified SQL Injection Vulnerability
CVE-2014-2709 Unspecified Remote Command Execution Vulnerability
--- lib/graph_export.php.orig 2013-08-06 22:31:19.000000000 -0400
+++ lib/graph_export.php 2014-04-04 21:39:05.000000000 -0400
@@ -339,7 +339,7 @@
chdir($stExportDir);
/* set the initial command structure */
- $stExecute = 'ncftpput -R -V -r 1 -u '.$aFtpExport['username'].' -p '.$aFtpExport['password'];
+ $stExecute = 'ncftpput -R -V -r 1 -u ' . cacti_escapeshellarg($aFtpExport['username']) . ' -p ' . cacti_escapeshellarg($aFtpExport['password']);
/* if the user requested passive mode, use it */
if ($aFtpExport['passive']) {
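Review bot: The new `$stExecute` line still passes the FTP password as a command-line argument (`-p ` followed by the escaped value), so while the quoting stops shell injection, the credential remains readable by any local user through the process list for the lifetime of the ncftpput run. At minimum a comment should record the trade-off, e.g. `/* password is exposed in argv for the duration of the run; ncftpput can read credentials from a file (-f) instead */`, and moving to that option would be the proper fix. The enclosing function begins and ends outside the hunk.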
@@ -347,7 +347,7 @@
}
/* setup the port, server, remote directory and all files */
- $stExecute .= ' -P ' . $aFtpExport['port'] . ' ' . $aFtpExport['server'] . ' ' . $aFtpExport['remotedir'] . ".";
+ $stExecute .= ' -P ' . cacti_escapeshellarg($aFtpExport['port']) . ' ' . cacti_escapeshellarg($aFtpExport['server']) . ' ' . cacti_escapeshellarg($aFtpExport['remotedir']) . ".";
/* run the command */
$iExecuteReturns = 0;
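Review bot: As rendered in the new `$stExecute .=` line, the literal `"."` is appended directly to the escaped remote directory with no separating space, so the shell receives the single word `'<remotedir>'.`, i.e. the directory name with a dot glued onto it. The unescaped original had the same shape, so this is pre-existing rather than a regression, but if the `.` is meant to be ncftpput's local-files argument it needs `' ' . cacti_escapeshellarg($aFtpExport['remotedir']) . ' .'`, and if it is deliberate a comment should say why. The enclosing function and the rest of the command assembly lie outside the hunk.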
$NetBSD: patch-lib_rrd.php,v 1.1 2014/08/23 12:50:25 adam Exp $
Fixes for:
CVE-2014-2326 Unspecified HTML Injection Vulnerability
CVE-2014-2328 Unspecified Remote Command Execution Vulnerability
CVE-2014-2708 Unspecified SQL Injection Vulnerability
CVE-2014-2709 Unspecified Remote Command Execution Vulnerability
--- lib/rrd.php.orig 2013-08-06 22:31:18.000000000 -0400
+++ lib/rrd.php 2014-04-04 21:39:04.000000000 -0400
@@ -865,13 +865,13 @@
/* basic graph options */
$graph_opts .=
"--imgformat=" . $image_types{$graph["image_format_id"]} . RRD_NL .
- "--start=$graph_start" . RRD_NL .
- "--end=$graph_end" . RRD_NL .
+ "--start=" . cacti_escapeshellarg($graph_start) . RRD_NL .
+ "--end=" . cacti_escapeshellarg($graph_end) . RRD_NL .
"--title=" . cacti_escapeshellarg($graph["title_cache"]) . RRD_NL .
"$rigid" .
- "--base=" . $graph["base_value"] . RRD_NL .
- "--height=$graph_height" . RRD_NL .
- "--width=$graph_width" . RRD_NL .
+ "--base=" . cacti_escapeshellarg($graph["base_value"]) . RRD_NL .
+ "--height=" . cacti_escapeshellarg($graph_height) . RRD_NL .
+ "--width=" . cacti_escapeshellarg($graph_width) . RRD_NL .
"$scale" .
"$unit_value" .
"$unit_exponent_value" .
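Review bot: The `--start`/`--end`/`--base`/`--height`/`--width` options are now shell-escaped, but the adjacent `"--imgformat=" . $image_types{$graph["image_format_id"]}` and the interpolated `"$rigid"`, `"$scale"`, `"$unit_value"` and `"$unit_exponent_value"` fragments in the same `$graph_opts` expression remain unescaped. If `$image_types` is a constant table and those fragments are assembled from validated values outside this hunk that is fine, but a short comment at the top of the option list naming where each of them is validated would make the mix deliberate rather than an apparent oversight. The same escaping pattern is applied to `--start`/`--end` in the `@@ -1606` hunk of this file and the same note applies there. The enclosing function starts and ends outside the hunk.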
@@ -1606,8 +1606,8 @@
/* basic export options */
$xport_opts =
- "--start=$xport_start" . RRD_NL .
- "--end=$xport_end" . RRD_NL .
+ "--start=" . cacti_escapeshellarg($xport_start) . RRD_NL .
+ "--end=" . cacti_escapeshellarg($xport_end) . RRD_NL .
"--maxrows=10000" . RRD_NL;
$xport_defs = "";
@@ -1997,7 +1997,7 @@
$stacked_columns["col" . $j] = ($graph_item_types{$xport_item["graph_type_id"]} == "STACK") ? 1 : 0;
$j++;
- $txt_xport_items .= "XPORT:" . $data_source_name . ":" . str_replace(":", "", cacti_escapeshellarg($legend_name)) ;
+ $txt_xport_items .= "XPORT:" . cacti_escapeshellarg($data_source_name) . ":" . str_replace(":", "", cacti_escapeshellarg($legend_name)) ;
}else{
$need_rrd_nl = FALSE;
}
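Review bot: On the new `$txt_xport_items .=` line `$data_source_name` is shell-escaped but, unlike `$legend_name` beside it, colons are not removed from it, and XPORT fields are colon-delimited (`XPORT:vname:legend`). If `$data_source_name` can contain `:` (it is assigned outside this hunk), a stray colon would shift the legend field rather than be caught by the shell quoting; applying the same `str_replace(":", "", ...)` treatment, or validating the name against rrdtool's vname character set where it is generated, would close that gap. The enclosing loop and function start and end outside the hunk.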