
[SECURITY] [DLA 560-1] cacti security update




Package        : cacti
Version        : 0.8.8a+dfsg-5+deb7u9
CVE ID         : CVE-2016-2313 CVE-2016-3172 CVE-2016-3659


Three security issues have been found in cacti:

CVE-2016-2313

    auth_login.php allows remote authenticated users who use web
    authentication to bypass intended access restrictions by logging in
    as a user not in the cacti database.

CVE-2016-3172

    An SQL injection vulnerability in tree.php allows remote authenticated
    users to execute arbitrary SQL commands via the parent_id parameter in
    an item_edit action.

CVE-2016-3659

    An SQL injection vulnerability in graph_view.php allows remote
    authenticated users to execute arbitrary SQL commands via the
    host_group_data parameter.


For Debian 7 "Wheezy", these problems have been fixed in version
0.8.8a+dfsg-5+deb7u9.

We recommend that you upgrade your cacti packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

