what you don't know can hurt you

Debian Security Advisory 2747-1

Debian Security Advisory 2747-1
Posted Aug 31, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2747-1 - Two vulnerabilities were discovered in Cacti, a web interface for graphing of monitoring systems.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2013-5588, CVE-2013-5589
MD5 | 2529d2bb29e016c50d57268145a966ce

Debian Security Advisory 2747-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2747-1 security@debian.org
http://www.debian.org/security/ Florian Weimer
August 31, 2013 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : cacti
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-5588 CVE-2013-5589

Two vulnerabilities were discovered in Cacti, a web interface for
graphing of monitoring systems:

CVE-2013-5588

install/index.php and cacti/host.php suffered from Cross-Site
Scripting vulnerabilities.

CVE-2013-5589

cacti/host.php contained an SQL injection vulnerability, allowing
an attacker to execute SQL code on the database used by Cacti.

For the oldstable distribution (squeeze), these problems have been fixed in
version 0.8.7g-1+squeeze3.

For the stable distribution (wheezy), these problems have been fixed in
version 0.8.8a+dfsg-5+deb7u2.

For the unstable distribution (sid), these problems have been fixed in
version 0.8.8b+dfsg-3.

We recommend that you upgrade your cacti packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJSIjM+AAoJEL97/wQC1SS++40H/RQJwb6+1U4HTa0oEe0XxDoc
tarEazGr4nyHq2iP9yLKAZQAxtXZsLBznUGhIQVNplNpjRCVVATtLl+gzazvpQJk
EDZdtlJkOrC5nvlsGmhXs7WWukemU/gkaskfXwd0/G3w1HxuSWmbdSuyyaKbYPZB
opDiko0aDPrOo/2dRP/45J20lJ0zVn4C62HZvs6u8RCyji9yADibHe3J4QWlaj8G
ZsHCoVjUgkA81fBiI/H42Wqiewf0+R56CXLsf/csEk7vMmGZYpfnd8trvS9I5Yx2
4ZQVbzWiX4ItvWmljWDLtBy11xKC5tz1bM5mKDAY2oAtM+S2rCzar5uLoduvwEk=
=pAOw
-----END PGP SIGNATURE-----


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

February 2015

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    2 Files
  • 2
    Feb 2nd
    17 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    16 Files
  • 5
    Feb 5th
    14 Files
  • 6
    Feb 6th
    4 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2015 Packet Storm. All rights reserved.

close