[SECURITY] [DLA 3884-1] cacti security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3884-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Bastien Roucariès
September 09, 2024 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : cacti
Version : 1.2.16+ds1-2+deb11u4
CVE ID : CVE-2022-41444 CVE-2024-25641 CVE-2024-31443 CVE-2024-31444
CVE-2024-31445 CVE-2024-31458 CVE-2024-31459 CVE-2024-31460
CVE-2024-34340
Multiple vulnerabilities were found in Cacti, a web interface for graphing of monitoring systems.
CVE-2022-41444
A Cross Site Scripting (XSS) vulnerability was found via crafted
POST request to graphs_new.php.
CVE-2024-25641
An arbitrary file write vulnerability was found, exploitable through
the "Package Import" feature. This vulnerability allowed authenticated
users having the "Import Templates" permission to execute
arbitrary PHP code (RCE) on the web server.
CVE-2024-31443
A Cross Site Scripting (XSS) vulnerability was found via a crafted request
to the data_queries.php file.
CVE-2024-31444
A Cross Site Scripting (XSS) vulnerability was found via a crafted request
to the automation_tree_rules.php file, through the
automation_tree_rules_form_save() function.
CVE-2024-31445
A SQL injection vulnerability was found in the automation_get_new_graphs_sql
function of `api_automation.php`. It allows authenticated users to perform
privilege escalation and remote code execution.
CVE-2024-31458
A SQL injection vulnerability was found in form_save() function in
graph_template_inputs.php file.
CVE-2024-31459
A file inclusion issue was found in the 'lib/plugin.php' file. Combined
with SQL injection vulnerabilities, it can lead to remote code execution
(RCE).
CVE-2024-31460
A SQL injection vulnerability was found in some of the data stored by
the automation_tree_rules.php file.
CVE-2024-34340
A type juggling vulnerability was found in the compat_password_verify function.
The MD5 hash of the user input is compared with the password hash stored in the
database using `$md5 == $hash`, a loose comparison rather than the correct,
stricter `===`.
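The following PHP snippet is an added illustration of the loose-comparison defect; it is not Cacti's code and the digest strings in it are constructed, not real hashes from any Cacti database. PHP's `==` converts both operands to numbers when both look numeric, so two different hex digests of the form `0e` followed only by decimal digits both evaluate to 0.0 and compare equal. The strict `===` (or, better still, `hash_equals()`, which also compares in constant time) rejects them:

```php
<?php
// Added example, not Cacti's code: loose vs strict comparison of hash strings.

function verify_loose(string $md5, string $hash): bool
{
    // Vulnerable pattern: == applies PHP type juggling. Two numeric-looking
    // strings are compared as floats, not as byte strings.
    return $md5 == $hash;
}

function verify_strict(string $md5, string $hash): bool
{
    // Fixed pattern: === requires identical type and identical bytes.
    return $md5 === $hash;
}

function verify_constant_time(string $md5, string $hash): bool
{
    // Preferred pattern: strict byte comparison that also does not leak
    // how many leading bytes matched through timing (PHP >= 5.6).
    return hash_equals($hash, $md5);
}

// Constructed digests: both are 32 hex characters, both match /^0e[0-9]+$/,
// and both therefore parse as the float 0.0 under PHP's numeric-string rules.
$stored   = "0e123456789012345678901234567890";
$supplied = "0e987654321098765432109876543210";

echo "loose:         ", var_export(verify_loose($supplied, $stored), true), PHP_EOL;
echo "strict:        ", var_export(verify_strict($supplied, $stored), true), PHP_EOL;
echo "constant-time: ", var_export(verify_constant_time($supplied, $stored), true), PHP_EOL;

// A genuine match is still accepted by the strict variants.
$real = md5("constructed sample password");
echo "strict (same): ", var_export(verify_strict($real, $real), true), PHP_EOL;
```

Running this shows the loose check accepting a digest that differs from the stored one in every character after the `0e` prefix, while the strict and constant-time checks reject it and still accept a genuinely identical digest. The `hash_equals()` variant is the one to prefer in new code, since it removes both the type-juggling problem and the timing side channel of an early-exit string comparison.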
For Debian 11 bullseye, these problems have been fixed in version
1.2.16+ds1-2+deb11u4.
We recommend that you upgrade your cacti packages.
For the detailed security status of cacti please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/cacti
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmbfQw0RHHJvdWNhQGRl
Ymlhbi5vcmcACgkQADoaLapBCF/7ag//RDo8di3hLnBo22e9rkR+acPJPAlFMtkK
gQIlIstnPHHA2usOs8FzhgF/UfHmIzzP7q3s+Tg1NaNrvWjGkkm7ujKvALqBDdM0
dWLregcRaS1gvjTnoq/Gaq/gX4jTEMoQ4kJQnGYeWyvwcq1iI0cc7i13sL4Pqnfw
3UknES1olnQeC4wBp4GZM2pWgAsWE7SdPVyJxPE/UYzV+YvVO4U/fCBk7UvHGjlV
3kkLZepmH6mWEAszvyhkkY806vhVasdfvYrn0fMo/DiT5roh7DaSn1ck8JEF2XUI
NUHDQ0JdFrscMw9Tk0rV2PzAabW/tEscfCiwko41GE8WBdwBeo2Fe6YGNeg4T4ls
iCb3FgvBLAMaOpoF2oRpIl5QZab6xFVwfcHortzeghbiOo/kmqiuibs0wKLO/QU1
E+SyXYJ3SP74ZAHQlBr/5aV6NId9XiImzqQnDwe6VO6A16D+lbfSRk2OJ3o9DjXD
juxEbxi744o9sNrVqRd2+X3Q6Bl9/XaqWowqRUdj6uPOU0r+fOvsf+WYRGDZoWzr
mjcbWBsCfzlulFP3dWBkuVKEGDnBF/YlX84yXBTOAnw3K4ZV1sc9sX6ELrOC9t8O
PBwtsfl+lYlQGYqPK8bNfdRAOMRM3V4ZVO3anW78ZkMNf1yKoQJ2pt5Ye+wpF2cp
50hdfLa83Uk=
=nG4z
-----END PGP SIGNATURE-----