
Accepted cacti 1.2.16+ds1-2+deb11u5 (source) into oldstable-security



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 07 Feb 2025 17:42:17 +0100
Source: cacti
Architecture: source
Version: 1.2.16+ds1-2+deb11u5
Distribution: bullseye-security
Urgency: high
Maintainer: Cacti Maintainer <pkg-cacti-maint@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Changes:
 cacti (1.2.16+ds1-2+deb11u5) bullseye-security; urgency=high
 .
   [ Bastien Roucariès ]
   * Non-maintainer upload by the LTS Security Team.
   * Fix CVE-2024-43362: XSS (Cross-Site Scripting) Vulnerability.
     The `fileurl` parameter is not properly sanitized when
     saving external links in `links.php`. Moreover, the said
     fileurl is placed in some HTML code which is passed to
     the `print` function in `link.php` and `index.php`,
     finally leading to stored XSS.
   * Fix CVE-2024-43363: Remote Code Execution (RCE) by
     log poisoning. An admin user can create a device with
     a malicious hostname containing php code and repeat
     the installation process to use a php file as the
     cacti log file. After having the malicious hostname end
     up in the logs (log poisoning), one can simply go to the
     log file url to execute commands to achieve RCE.
   * Fix CVE-2024-43364: Stored XSS (Cross-Site Scripting) Vulnerability.
     The `title` parameter is not properly sanitized when
     saving external links in `links.php`. Moreover, the said
     title parameter is stored in the database and reflected back
     to the user in `index.php`, finally leading to stored XSS.
   * Fix CVE-2024-43365: Stored XSS (Cross-Site Scripting) Vulnerability.
     The `consolenewsection` parameter is not properly sanitized
     when saving external links in `links.php`. Moreover, the said
     consolenewsection parameter is stored in the database and
     reflected back to the user in `index.php`, finally leading
     to stored XSS.
   * Fix CVE-2024-45598: Local File Inclusion (LFI) Vulnerability
     via Poller Standard Error Log Path.
     An admin can change Poller Standard Error Log Path parameter in
     either Installation Step 5 or in Configuration->Settings->Paths tab
     to a local file inside the server. Then simply going to Logs tab and
     selecting the name of the local file will show its content
     on the web UI.
   * Fix CVE-2024-54145: SQL Injection vulnerability when requesting
     automation devices.
     A SQL injection vulnerability in the get_discovery_results function
     of automation_devices.php: the parameter network is concatenated into
     sql_where without sufficient filtration.
   * Fix CVE-2025-22604: Authenticated RCE via multi-line SNMP responses.
     Due to a flaw in the multi-line SNMP result parser, authenticated users
     can inject malformed OIDs in the response. When processed by
     ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each
     OID will be used as a key in an array that is used as part of a
     system command, causing a command execution vulnerability.
   * Fix CVE-2025-24367: Arbitrary File Creation leading to RCE.
     An authenticated Cacti user can abuse graph creation and graph
     template functionality to create arbitrary PHP scripts in the
     web root of the application, leading to remote code
     execution on the server.
   * Fix CVE-2025-24368: SQL Injection vulnerability when using
     tree rules through the Automation API.
     Some of the data stored in automation_tree_rules.php is not
     thoroughly checked and is used to concatenate the SQL statement in
     the build_rule_item_filter() function from lib/api_automation.php,
     finally resulting in SQL injection.
   * Fix embedded node-dompurify.
     + Fix CVE-2024-47875: DOMPurify was vulnerable to
       nesting-based mXSS.
     + Fix CVE-2024-48910: DOMPurify was vulnerable to prototype
       pollution.
 .
   [ Sylvain Beucler ]
   * Adapt Salsa CI for LTS
