DSA-1569-2 cacti -- insufficient input sanitising


Debian Security Advisory

Date Reported:
05 May 2008
Affected Packages:
cacti
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2008-0783, CVE-2008-0785.
More information:

It was discovered that Cacti, a systems and services monitoring frontend, performed insufficient input sanitising, making cross-site scripting and SQL injection possible.

For the stable distribution (etch), this problem has been fixed in version 0.8.6i-3.4.

For the unstable distribution (sid), this problem has been fixed in version 0.8.7b-1.

We recommend that you upgrade your cacti package.
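The advisory only names the fixed package versions, so the practical check is whether the version dpkg reports for cacti sorts at or above them. The following is an added example, not part of the Debian advisory or the cacti project, that applies dpkg's version ordering to the two fixed versions quoted above; the pre-fix version strings used in its test are constructed for illustration.

```python
# Added example (not from the Debian advisory): decide whether an installed
# cacti package already carries the fix, using dpkg's version ordering rules
# ('~' sorts first, letters before other non-digits, digit runs numerically).
import re

FIXED = {"etch": "0.8.6i-3.4", "sid": "0.8.7b-1"}  # versions named in DSA-1569-2

def _order(c):
    # Weight of one non-digit character, following dpkg's verrevcmp().
    if c == "~":
        return -1
    if c == "" or c.isdigit():
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_fragment(a, b):
    """Compare an upstream or revision part: -1, 0 or 1."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run: compare character by character by weight.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return -1 if ac < bc else 1
            i, j = i + 1, j + 1
        # Digit run: compare numerically, so leading zeros do not matter.
        da = re.match(r"\d*", a[i:]).group()
        db = re.match(r"\d*", b[j:]).group()
        i, j = i + len(da), j + len(db)
        if int(da or "0") != int(db or "0"):
            return -1 if int(da or "0") < int(db or "0") else 1
    return 0

def _split(version):
    # [epoch:]upstream[-revision] -> (epoch, upstream, revision)
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, revision

def compare_versions(a, b):
    """dpkg-style comparison: -1 if a < b, 0 if equal, 1 if a > b."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def is_fixed(installed, suite):
    """True if the version dpkg reports for cacti is >= the fixed one."""
    return compare_versions(installed, FIXED[suite]) >= 0
```

Feed `is_fixed()` the output of `dpkg-query -W -f='${Version}' cacti` together with the suite the host tracks; a backport or local rebuild tagged with `~` still sorts below the fixed version, as dpkg itself would treat it.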

Fixed in:

Debian GNU/Linux 4.0 (etch)

Source:
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6i.orig.tar.gz
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6i-3.4.diff.gz
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6i-3.4.dsc
Architecture-independent component:
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6i-3.4_all.deb

MD5 checksums of the listed files are available in the original advisory.