tags 404818 + patch thanks This has been assigned CVE id CVE-2006-6799, please mention this in the changelog.
The attached pacth *should* fix the issue. I don't think it contains
regressions, but I haven't had time to test it.
When uploading, please do so with high urgency.
Many thanks,
Neil
--
* Tolimar votes for debconf7 to be somewhere where he speaks the
language.
<Tolimar> That would a veto for switzerland ;)
<Ganneff> Tolimar: that also vetos germany
--- cmd.php 2007-01-09 00:01:08.539285701 +0000
+++ cmd.php 2007-01-09 00:09:07.109194451 +0000
@@ -26,7 +26,7 @@
*/
/* do NOT run this script through a web browser */
-if (isset($_SERVER["argv"][0])) {
+if (isset($_SERVER["REQUEST_METHOD"])) {
die("<br><strong>This script is only meant to run at the command line.</strong>");
}
@@ -72,23 +72,23 @@
if ($_SERVER["argv"][1] <= $_SERVER["argv"][2]) {
$hosts = db_fetch_assoc("select * from host where (disabled = '' and " .
"id >= " .
- $_SERVER["argv"][1] .
+ (int)$_SERVER["argv"][1] .
" and id <= " .
- $_SERVER["argv"][2] . ") ORDER by id");
+ (int)$_SERVER["argv"][2] . ") ORDER by id");
$hosts = array_rekey($hosts,"id",$host_struc);
$host_count = sizeof($hosts);
$polling_items = db_fetch_assoc("SELECT * from poller_item " .
"WHERE (host_id >= " .
- $_SERVER["argv"][1] .
+ (int)$_SERVER["argv"][1] .
" and host_id <= " .
- $_SERVER["argv"][2] . ") ORDER by host_id");
+ (int)$_SERVER["argv"][2] . ") ORDER by host_id");
$script_server_calls = db_fetch_cell("SELECT count(*) from poller_item " .
"WHERE (action=2 AND (host_id >= " .
- $_SERVER["argv"][1] .
+ (int)$_SERVER["argv"][1] .
" and host_id <= " .
- $_SERVER["argv"][2] . "))");
+ (int)$_SERVER["argv"][2] . "))");
}else{
print "ERROR: Invalid Arguments. The first argument must be less than or equal to the first.\n";
print "USAGE: CMD.PHP [[first_host] [second_host]]\n";
@@ -151,7 +151,7 @@
$host_update_time = date("Y-m-d H:i:s"); // for poller update time
}
- $host_id = $item["host_id"];
+ $host_id = (int)$item["host_id"];
if (($new_host) && (!empty($host_id))) {
$ping->host["hostname"] = $item["hostname"];
signature.asc
Description: Digital signature
