cacti/cacti-0.8.8b-remote-command-execution.patch

------------------------------------------------------------------------
r7442 | rony | 2014-03-30 18:41:56 -0500 (Sun, 30 Mar 2014) | 2 lines

bug#0002433: CVE-2014-2328 Unspecified Remote Command Execution Vulnerability

------------------------------------------------------------------------
Index: branches/0.8.8/lib/graph_export.php
===================================================================
--- branches/0.8.8/lib/graph_export.php	(revision 7441)
+++ branches/0.8.8/lib/graph_export.php	(revision 7442)
@@ -339,7 +339,7 @@
 	chdir($stExportDir);
 
 	/* set the initial command structure */
-	$stExecute = 'ncftpput -R -V -r 1 -u '.$aFtpExport['username'].' -p '.$aFtpExport['password'];
+	$stExecute = 'ncftpput -R -V -r 1 -u ' . cacti_escapeshellarg($aFtpExport['username']) . ' -p ' . cacti_escapeshellarg($aFtpExport['password']);
 
 	/* if the user requested passive mode, use it */
 	if ($aFtpExport['passive']) {
@@ -347,7 +347,7 @@
 	}
 
 	/* setup the port, server, remote directory and all files */
-	$stExecute .= ' -P ' . $aFtpExport['port'] . ' ' . $aFtpExport['server'] . ' ' . $aFtpExport['remotedir'] . ".";
+	$stExecute .= ' -P ' . cacti_escapeshellarg($aFtpExport['port']) . ' ' . cacti_escapeshellarg($aFtpExport['server']) . ' ' . cacti_escapeshellarg($aFtpExport['remotedir']) . ".";
 
 	/* run the command */
 	$iExecuteReturns = 0;
patchs for CVEs - Patch for CVE-2014-2708 SQL injection issues in graph_xport.php (RHBZ #1084258) - Patch for CVE-2014-2709 shell escaping issues in lib/rrd.php (RHBZ #1084258) - Patch for CVE-2014-2326 stored XSS attack (RHBZ #1082122) - Patch for CVE-2014-2327 missing CSRF token (RHBZ #1082122) - Patch for CVE-2014-2328 use of exec-like function calls without safety checks allow arbitrary command execution (RHBZ #1082122) 2014-04-07 23:58:57 +00:00			`------------------------------------------------------------------------`
			`r7442 \| rony \| 2014-03-30 18:41:56 -0500 (Sun, 30 Mar 2014) \| 2 lines`

			`bug#0002433: CVE-2014-2328 Unspecified Remote Command Execution Vulnerability`

			`------------------------------------------------------------------------`
			`Index: branches/0.8.8/lib/graph_export.php`
			`===================================================================`
			`--- branches/0.8.8/lib/graph_export.php (revision 7441)`
			`+++ branches/0.8.8/lib/graph_export.php (revision 7442)`
			`@@ -339,7 +339,7 @@`
			`chdir($stExportDir);`

			`/* set the initial command structure */`
			`- $stExecute = 'ncftpput -R -V -r 1 -u '.$aFtpExport['username'].' -p '.$aFtpExport['password'];`
			`+ $stExecute = 'ncftpput -R -V -r 1 -u ' . cacti_escapeshellarg($aFtpExport['username']) . ' -p ' . cacti_escapeshellarg($aFtpExport['password']);`

			`/* if the user requested passive mode, use it */`
			`if ($aFtpExport['passive']) {`
			`@@ -347,7 +347,7 @@`
			`}`

			`/* setup the port, server, remote directory and all files */`
			`- $stExecute .= ' -P ' . $aFtpExport['port'] . ' ' . $aFtpExport['server'] . ' ' . $aFtpExport['remotedir'] . ".";`
			`+ $stExecute .= ' -P ' . cacti_escapeshellarg($aFtpExport['port']) . ' ' . cacti_escapeshellarg($aFtpExport['server']) . ' ' . cacti_escapeshellarg($aFtpExport['remotedir']) . ".";`

			`/* run the command */`
			`$iExecuteReturns = 0;`