[v3.0] cacti: multiple fixes (CVE-2014-2326 CVE-2014-2327 CVE-2014-2328 CVE-2014-2708 CVE-2014-2709 CVE-2014-4002)
Multiple issues have been fixed by the vendor in the stable branch for cacti 0.8.8b.
CVE-2014-2326 Unspecified HTML Injection Vulnerability
CVE-2014-2328 Unspecified Remote Command Execution Vulnerability
CVE-2014-2708 Unspecified SQL Injection Vulnerability
CVE-2014-2709 Unspecified Remote Command Execution Vulnerability
CONFIRM: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768
CONFIRM: http://www.cacti.net/download_patches.php
PATCHES: http://www.cacti.net/downloads/patches/0.8.8b/security.patch
Additional issues not yet fixed in the stable branch:
CVE-2014-2327:
Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b,
and earlier allows remote attackers to hijack the authentication of
users for unspecified commands, as demonstrated by requests that (1)
modify binary files, (2) modify configurations, or (3) add arbitrary
users.
URL: http://www.securityfocus.com/archive/1/531588
CONFIRM: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768
URL: http://www.securityfocus.com/bid/66392
CONFIRM: http://bugs.cacti.net/view.php?id=2432 (CVE-2014-2327, not yet resolved by the vendor in the stable branch)
CVE-2014-4002:
Cross-Site Scripting Vulnerability.
Architecture: source all
Urgency: high
Maintainer: Cacti Maintainer
<pkg-cacti-maint@lists.alioth.debian.org>
References:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752573
http://seclists.org/bugtraq/2014/Jun/166
SVN CHECKOUT: http://www.cacti.net/svn.php
CONFIRM: http://svn.cacti.net/viewvc?view=rev&revision=7451 (unstable branch only so far)
CONFIRM: http://svn.cacti.net/viewvc?view=rev&revision=7452 (unstable branch only so far)
(from redmine: issue id 3129, created on 2014-07-02, closed on 2014-07-07)
- Relations:
- parent #3125 (closed)
- Changesets:
- Revision 7d61b62e by Natanael Copa on 2014-07-07T09:45:09Z:
main/cacti: security fix for various CVEs
CVE-2014-2326
CVE-2014-2327
CVE-2014-2328
CVE-2014-2708
CVE-2014-2709
CVE-2014-4002
fixes #3129
(cherry picked from commit fa2998fd037f72a85b53903b13a23d50a22aa3c9)