This might be a different issue, but running checks with Nessus reported this problem on one of my machines:

"The version of Cacti does not properly check whether the 'copy_cacti_user.php' script is being run from a commandline and fails to sanitize user-supplied input before using it in database queries. Provided PHP's 'register_argc_argv' parameter is enabled, which is the default, an attacker can leverage this issue to launch SQL injection attack against the underlying database and, for example, add arbitrary administrative users."

I ran the test script at http://milw0rm.com/exploits/3045 "successfully" with Dapper (Cacti 0.8.6h-ubuntu1)

--
[CVE-2007-6035] cacti has a sql injection vulnerability
https://bugs.launchpad.net/bugs/164072
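
An added detection example, not part of the original message or of Cacti: because the quoted finding says 'copy_cacti_user.php' is meant to run only from the command line, any HTTP request that reaches it is worth reviewing. The sketch assumes Apache combined-format access logs; the log lines, addresses and query string are constructed placeholders.

```python
import re
from urllib.parse import unquote, urlsplit

# Combined Log Format: host ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
CLI_ONLY_SCRIPT = "copy_cacti_user.php"  # script named in the Nessus finding


def find_web_hits(lines):
    """Return one dict per HTTP request whose path ends in the CLI-only script."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line this parser understands
        parts = urlsplit(m.group("target"))
        # Decode percent-escapes and compare the last path segment
        # case-insensitively; a mention in the query string is not a hit.
        script = unquote(parts.path).rsplit("/", 1)[-1].lower()
        if script != CLI_ONLY_SCRIPT:
            continue
        hits.append({
            "host": m.group("host"),
            "time": m.group("time"),
            "status": int(m.group("status")),
            # With register_argc_argv enabled, PHP hands the query string
            # to the script as if it were command-line arguments.
            "has_query": bool(parts.query),
        })
    return hits


# Constructed sample lines (documentation addresses, placeholder query).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Dec/2007:10:00:01 +0000] "GET /cacti/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Dec/2007:10:02:13 +0000] "GET /cacti/copy_cacti_user.php?PLACEHOLDER HTTP/1.1" 200 312 "-" "-"',
    '198.51.100.7 - - [01/Dec/2007:10:02:20 +0000] "GET /cacti/copy%5Fcacti_user.php HTTP/1.1" 404 208 "-" "-"',
    '203.0.113.5 - - [01/Dec/2007:10:05:00 +0000] "GET /cacti/graph.php?x=copy_cacti_user.php HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_web_hits(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 and `has_query` set is the case to look at first, since it means the script answered a web request that carried arguments.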