retitle 926700 cacti: CVE-2019-11025 - XSS in utilities.php
thanks

Hi all,

I've attached a patch that I intend to upload to jessie LTS. May I
also prepare an update for stretch based on this?


Best wishes,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      la...@debian.org 🍥 chris-lamb.co.uk
       `-
Backport from https://github.com/Cacti/cacti/commit/c373e66a6a224e221a1db037164144ce59b20736

--- cacti-0.8.8b+dfsg.orig/utilities.php
+++ cacti-0.8.8b+dfsg/utilities.php
@@ -1164,7 +1164,7 @@ function utilities_view_snmp_cache() {
 							}
 							if (sizeof($hosts) > 0) {
 							foreach ($hosts as $host) {
-								print "<option value='" . $host["id"] . "'"; if (get_request_var_request("host_id") == $host["id"]) { print " selected"; } print ">" . $host["description"] . "</option>\n";
+								print "<option value='" . $host["id"] . "'"; if (get_request_var_request("host_id") == $host["id"]) { print " selected"; } print ">" . htmlspecialchars($host["description"]) . "</option>\n";
 							}
 							}
 							?>
@@ -1305,7 +1305,7 @@ function utilities_view_snmp_cache() {
 		form_alternate_row_color($colors["form_alternate1"],$colors["form_alternate2"],$i);
 		?>
 		<td>
-			Host: <?php print (strlen(get_request_var_request("filter")) ? (preg_replace("/(" . preg_quote(get_request_var_request("filter"), "/") . ")/i", "<span style='background-color: #F8D93D;'>\\1</span>", $item["description"])) : $item["description"]);?>
+			Host: <?php print (strlen(get_request_var_request("filter")) ? (preg_replace("/(" . preg_quote(get_request_var_request("filter"), "/") . ")/i", "<span style='background-color: #F8D93D;'>\\1</span>", htmlspecialchars($item["description"]))) : htmlspecialchars($item["description"]));?>
 			, SNMP Query: <?php print (strlen(get_request_var_request("filter")) ? (preg_replace("/(" . preg_quote(get_request_var_request("filter"), "/") . ")/i", "<span style='background-color: #F8D93D;'>\\1</span>", $item["name"])) : $item["name"]);?>
 		</td>
 		</tr>
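Review bot: The `SNMP Query` line directly below the patched `Host` line still prints `$item["name"]` unescaped in both arms of the ternary, so this row is only partly encoded. The same pattern remains in later hunks: `$item["field_name"]` and `$item["field_value"]` in the `@@ -1313` hunk, and `$item["arg1"]` in all three `$details` assignments of the `@@ -1559` hunk. Where these columns come from is not visible here, but if any can hold device- or operator-supplied text they need the same treatment, e.g. `htmlspecialchars($item["name"])` both as the subject of `preg_replace` and in the else arm. Because the highlight now runs over already-encoded text, a filter such as `amp` or `lt` can match inside an entity and split it with the `<span>`, which garbles the rendered value; a short comment recording that limitation would help the next maintainer. `utilities_view_snmp_cache()` begins and ends outside this hunk.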
@@ -1313,7 +1313,7 @@ function utilities_view_snmp_cache() {
 		form_alternate_row_color($colors["form_alternate1"],$colors["form_alternate2"],$i);
 		?>
 		<td>
-			Index: <?php print $item["snmp_index"];?>
+			Index: <?php print htmlspecialchars($item["snmp_index"]);?>
 			, Field Name: <?php print (strlen(get_request_var_request("filter")) ? (preg_replace("/(" . preg_quote(get_request_var_request("filter"), "/") . ")/i", "<span style='background-color: #F8D93D;'>\\1</span>", $item["field_name"])) : $item["field_name"]);?>
 			, Field Value: <?php print (strlen(get_request_var_request("filter")) ? (preg_replace("/(" . preg_quote(get_request_var_request("filter"), "/") . ")/i", "<span style='background-color: #F8D93D;'>\\1</span>", $item["field_value"])) : $item["field_value"]);?>
 		</td>
@@ -1559,12 +1559,12 @@ function utilities_view_poller_cache() {
 				if ($item["snmp_version"] != 3) {
 					$details =
 						"SNMP Version: " . $item["snmp_version"] . ", " .
-						"Community: " . $item["snmp_community"] . ", " .
+						"Community: " . htmlspecialchars($item["snmp_community"]) . ", " .
 						"OID: " . (strlen(get_request_var_request("filter")) ? (preg_replace("/(" . preg_quote(get_request_var_request("filter"), "/") . ")/i", "<span style='background-color: #F8D93D;'>\\1</span>", $item["arg1"])) : $item["arg1"]);
 				}else{
 					$details =
 						"SNMP Version: " . $item["snmp_version"] . ", " .
-						"User: " . $item["snmp_username"] . ", OID: " . $item["arg1"];
+						"User: " . htmlspecialchars($item["snmp_username"]) . ", OID: " . $item["arg1"];
 				}
 			}elseif ($item["action"] == 1) {
 					$details = "Script: " . (strlen(get_request_var_request("filter")) ? (preg_replace("/(" . preg_quote(get_request_var_request("filter"), "/") . ")/i", "<span style='background-color: #F8D93D;'>\\1</span>", $item["arg1"])) : $item["arg1"]);
@@ -1583,7 +1583,7 @@ function utilities_view_poller_cache() {
 			<td>
 			</td>
 			<td>
-				RRD: <?php print $item["rrd_path"];?>
+				RRD: <?php print htmlspecialchars($item["rrd_path"]);?>
 			</td>
 		</tr>
 		<?php
