Debian Security Advisory
DSA-1569-2 cacti -- insufficient input sanitising
- Date Reported: 05 May 2008
- Affected Packages: cacti
- Vulnerable: Yes
- Security database references: In Mitre's CVE dictionary: CVE-2008-0783, CVE-2008-0785.
- More information:
It was discovered that Cacti, a systems and services monitoring frontend, performed insufficient input sanitising, making cross-site scripting and SQL injection possible.
For the stable distribution (etch), this problem has been fixed in version 0.8.6i-3.4.
For the unstable distribution (sid), this problem has been fixed in version 0.8.7b-1.
We recommend that you upgrade your cacti package.
- Fixed in:
Debian GNU/Linux 4.0 (etch)
- Source:
- http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6i.orig.tar.gz
- http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6i-3.4.diff.gz
- http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6i-3.4.dsc
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6i-3.4_all.deb
MD5 checksums of the listed files are available in the original advisory.