tags 404818 + patch thanks This has been assigned CVE id CVE-2006-6799, please mention this in the changelog.
The attached patch *should* fix the issue. I don't think it contains regressions, but I haven't had time to test it. When uploading, please do so with high urgency. Many thanks, Neil -- * Tolimar votes for debconf7 to be somewhere where he speaks the language. <Tolimar> That would a veto for switzerland ;) <Ganneff> Tolimar: that also vetos germany
--- cmd.php 2007-01-09 00:01:08.539285701 +0000
+++ cmd.php 2007-01-09 00:09:07.109194451 +0000
@@ -26,7 +26,7 @@
 */
 /* do NOT run this script through a web browser */
-if (isset($_SERVER["argv"][0])) {
+if (isset($_SERVER["REQUEST_METHOD"])) {
 die("<br><strong>This script is only meant to run at the command line.</strong>");
 }
@@ -72,23 +72,23 @@
 if ($_SERVER["argv"][1] <= $_SERVER["argv"][2]) {
 $hosts = db_fetch_assoc("select * from host where (disabled = '' and " .
 "id >= " .
- $_SERVER["argv"][1] .
+ (int)$_SERVER["argv"][1] .
 " and id <= " .
- $_SERVER["argv"][2] . ") ORDER by id");
+ (int)$_SERVER["argv"][2] . ") ORDER by id");
 $hosts = array_rekey($hosts,"id",$host_struc);
 $host_count = sizeof($hosts);
 $polling_items = db_fetch_assoc("SELECT * from poller_item " .
 "WHERE (host_id >= " .
- $_SERVER["argv"][1] .
+ (int)$_SERVER["argv"][1] .
 " and host_id <= " .
- $_SERVER["argv"][2] . ") ORDER by host_id");
+ (int)$_SERVER["argv"][2] . ") ORDER by host_id");
 $script_server_calls = db_fetch_cell("SELECT count(*) from poller_item " .
 "WHERE (action=2 AND (host_id >= " .
- $_SERVER["argv"][1] .
+ (int)$_SERVER["argv"][1] .
 " and host_id <= " .
- $_SERVER["argv"][2] . "))");
+ (int)$_SERVER["argv"][2] . "))");
 }else{
 print "ERROR: Invalid Arguments. The first argument must be less than or equal to the first.\n";
 print "USAGE: CMD.PHP [[first_host] [second_host]]\n";
@@ -151,7 +151,7 @@
 $host_update_time = date("Y-m-d H:i:s"); // for poller update time
 }
- $host_id = $item["host_id"];
+ $host_id = (int)$item["host_id"];
 if (($new_host) && (!empty($host_id))) {
 $ping->host["hostname"] = $item["hostname"];
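Review bot: The new guard in the first hunk rests on a single server variable, so the script is treated as a command-line run whenever `REQUEST_METHOD` happens to be absent. Testing a second web-only variable as well makes the refusal less dependent on one SAPI detail: `if (isset($_SERVER["REQUEST_METHOD"]) || isset($_SERVER["REMOTE_ADDR"])) {`. Because the description says the patch is untested, both the scheduled command-line invocation and a browser request to cmd.php should be exercised before upload. Denying web access to the file in the server configuration would add a layer that does not depend on this check.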
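Review bot: The range test on the first context line of the second hunk, `$_SERVER["argv"][1] <= $_SERVER["argv"][2]`, still compares the raw strings while the six concatenation points now use cast values, so what is checked is not necessarily what is queried. Casting once before the test and reusing the results keeps them identical: `$first_host = (int)$_SERVER["argv"][1];` and `$last_host = (int)$_SERVER["argv"][2];`, then `if ($first_host <= $last_host) {` with the same two variables in all three queries. A non-numeric argument is silently turned into 0 by the cast; rejecting it through the existing "Invalid Arguments" branch would be clearer to the operator. The block enclosing this `if` begins before the hunk and the `else` branch continues past it.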
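Review bot: The cast added in the third hunk carries no comment, and `$item` appears to be a row read from the database rather than request input, so the reason for the cast is not evident at this line. If `$host_id` is concatenated into SQL later in the loop (not visible here), a comment such as `/* host_id is used in queries below; force it to an integer */` would keep the cast from being removed as redundant. The loop body starts and ends outside the hunk.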