Skip to content
Permalink
Browse files

Resolving Issue #3201

Vulnerability Report: Remote Code Execution due to input validation in Performance Boost Debug Log
  • Loading branch information
cigamit committed Jan 19, 2020
1 parent 56a04c6 commit 5010719dbd160198be3e07bb994cf237e3af1308
Showing with 17 additions and 0 deletions.
  1. +1 −0 CHANGELOG
  2. +12 −0 lib/functions.php
  3. +4 −0 settings.php
@@ -2,6 +2,7 @@ Cacti CHANGELOG

1.2.9
-security#3191: CVE-2020-7106 Vulnerability report: Lack of escaping on some pages can lead to XSS exposure
-security#3201: Vulnerability Report: Remote Code Execution due to input validation in Performance Boost Debug Log
-issue#3038: Minor UI issue for aggregate when 'main' div width is less than 1230px
-issue#3136: As a extra fixing for #3060, resolve 1.2.1+ upgrade wizard failure.
-issue#3142: Chrome sets graphs tree navigation view to width 0px
@@ -1530,6 +1530,18 @@ function strip_alpha($string) {
}
}

/** is_valid_pathname - takes a pathname are verifies it matches file name rules
* @arg $path - (char) the pathname to be tested
* @returns - either true or false
*/
function is_valid_pathname($path) {
if (preg_match('/^([a-zA-Z0-9.-\\\:\/]+)$/', trim($path))) {
return true;
} else {
return false;
}
}

/** get_full_script_path - gets the full path to the script to execute to obtain data for a
* given data source. this function does not work on SNMP actions, only script-based actions
* @arg $local_data_id - (int) the ID of the data source
@@ -109,6 +109,10 @@
$errors[9] = 9;
$continue = false;
}
} elseif (get_nfilter_request_var($field_name) != '' && !is_valid_pathname(get_nfilter_request_var($field_name))) {
$_SESSION['sess_error_fields'][$field_name] = $field_name;
$_SESSION['sess_field_values'][$field_name] = get_nfilter_request_var($field_name);
$errors[36] = 36;
}

if ($continue) {

0 comments on commit 5010719

Please sign in to comment.
You can’t perform that action at this time.