Amazon ALAS-2023-1675

Critical: cacti

Published: 2023-01-19 20:10:00
Source: alas.aws.amazon.com

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.965 High
Percentile: 99.6%

Issue Overview:

A flaw was found in how Cacti grants authorization based on IP address, which allows authentication bypass and possibly arbitrary command execution if a poller_item configured with a POLLER_ACTION_SCRIPT_PHP action is present.

This updated cacti package adds a feature allowing an administrator to explicitly list headers suitable for use in client authentication. This option is not currently enabled by default in order to preserve compatibility but may be set by default in a future release. This is consistent with the latest upstream cacti releases (1.2.23 and 1.3.0). Additional details can be found here: https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf

To mitigate the authentication bypass, customers must set the new $proxy_headers configuration option in /etc/cacti/db.php appropriately for their environment, either to false or to an array of the headers for Cacti to trust.

Additionally, customers are strongly recommended to:

1. Consider using user authentication via a reverse proxy front end such as httpd or nginx.
2. Configure the client-facing web server or reverse proxy to strip any trusted headers provided by untrusted sources, to prevent them from reaching the Cacti server and being used to bypass the authentication process.
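
A simplified model of the trust decision behind $proxy_headers and recommendation 2, added here as an illustration; it is not Cacti's or Amazon's code. The header names, addresses and function names are assumptions chosen for the example.

```python
# Added illustration: a simplified model of header-based client-IP resolution.
# Not Cacti's code; header names, addresses and function names are assumptions.

FORWARD_HEADERS = ["X-Forwarded-For", "X-Real-IP"]  # assumed candidate headers
POLLER_ALLOWLIST = {"10.0.0.5"}                      # constructed: authorized poller IP


def client_ip(remote_addr, headers, proxy_headers):
    """Resolve the client IP under a $proxy_headers-style policy.

    proxy_headers=None  -> legacy behaviour: any forwarding header is believed
    proxy_headers=False -> only the TCP peer address (remote_addr) is used
    proxy_headers=[...] -> only the listed headers are believed
    """
    if proxy_headers is False:
        return remote_addr
    trusted = FORWARD_HEADERS if proxy_headers is None else proxy_headers
    for name in trusted:
        value = headers.get(name, "").split(",")[0].strip()
        if value:
            return value
    return remote_addr


def is_authorized(remote_addr, headers, proxy_headers):
    """IP-based authorization: the resolved address must be a known poller."""
    return client_ip(remote_addr, headers, proxy_headers) in POLLER_ALLOWLIST


def proxy_forward(peer_addr, headers, strip):
    """Model a reverse proxy. With strip=True it discards client-supplied
    forwarding headers and sets one from the peer address it actually saw."""
    out = dict(headers)
    if strip:
        for name in FORWARD_HEADERS:
            out.pop(name, None)
        out["X-Forwarded-For"] = peer_addr
    return out


# Constructed request: an untrusted peer presenting a forwarding header
# that names the poller's address.
UNTRUSTED = ("203.0.113.9", {"X-Forwarded-For": "10.0.0.5"})
```

The model shows that an array value is only safe when the front end overwrites the listed headers. If nothing in front of Cacti rewrites them, false is the setting that ignores client-supplied values.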

Affected Packages:

cacti

Issue Correction:
Run yum update cacti to update your system.

New Packages:

noarch:  
    cacti-1.1.19-2.20.amzn1.noarch  
  
src:  
    cacti-1.1.19-2.20.amzn1.src  

Additional References

Red Hat: CVE-2022-46169

Mitre: CVE-2022-46169

OS | Version | Architecture | Package | Version | Filename
Amazon Linux | 1 | noarch | cacti | < 1.1.19-2.20.amzn1 | cacti-1.1.19-2.20.amzn1.noarch.rpm
