security update: sql injection patch

2 files changed, 13 insertions, 0 deletions

diff --git a/net-analyzer/cacti/files/cacti-0.8.5a-sql-injection.patch b/net-analyzer/cacti/files/cacti-0.8.5a-sql-injection.patch
new file mode 100644
index 000000000000..ae87c954315f
--- /dev/null
+++ b/net-analyzer/cacti/files/cacti-0.8.5a-sql-injection.patch
@@ -0,0 +1,12 @@
+--- /var/www/localhost/htdocs/cacti/auth_login.php	2004-08-17 11:24:40.000000000 +0300
++++ auth_login.php	2004-08-17 12:33:52.271029872 +0300
+@@ -29,9 +29,6 @@
+ 
+ switch ($_REQUEST["action"]) {
+ case 'login':
+-	/* --- UPDATE old password with new md5 password value */
+-	db_execute("update user_auth set password = '" . md5($_POST["password"]) . "' where username='" . $_POST["username"] . "' and password = PASSWORD('" . $_POST["password"] . "')");
+-
+ 	/* --- start ldap section --- */
+ 	$ldap_auth = false;
+ 	if ((read_config_option("ldap_enabled") == "on") && ($_POST["realm"] == "ldap") && (strlen($_POST["password"]))){
diff --git a/net-analyzer/cacti/files/digest-cacti-0.8.5a-r1 b/net-analyzer/cacti/files/digest-cacti-0.8.5a-r1
new file mode 100644
index 000000000000..7a5183477ccd
--- /dev/null
+++ b/net-analyzer/cacti/files/digest-cacti-0.8.5a-r1
@@ -0,0 +1 @@
+MD5 2b9ef4194664d65b86cdcc9a0f126609 cacti-0.8.5a.tar.gz 986785