[SECURITY] [DLA 278-1] cacti security update

2015-07-20T17:04:33
ID DEBIAN:DLA-278-1:14263
Type debian
Reporter Debian
Modified 2015-07-20T17:04:33

Description

Package    : cacti
Version    : 0.8.7g-1+squeeze7
CVE ID     : CVE-2015-4634
Debian Bug : NA

Several SQL injection vulnerabilities were discovered in cacti, a frontend to rrdtool for monitoring systems and services:

CVE-2015-4634: SQL injection vulnerability in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands in graphs.php.

Currently unknown or unassigned CVEs: SQL injection vulnerability in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands in cdef.php, color.php, data_input.php, data_queries.php, data_sources.php, data_templates.php, gprint_presets.php, graph_templates.php, graph_templates_items.php, graphs_items.php, host.php, host_templates.php, lib/functions.php, rra.php, tree.php and user_admin.php.

For the oldoldstable distribution (squeeze), these problems have been fixed in version 0.8.7g-1+squeeze7.