CVE-2017-16641

Опубликовано: 07 нояб. 2017

Источник: debian

Описание

lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
cacti	fixed	1.1.27+ds1-3		package
cacti	ignored		stretch	package
cacti	ignored		jessie	package
cacti	no-dsa		wheezy	package

Примечания

https://github.com/Cacti/cacti/issues/1057
https://github.com/Cacti/cacti/commit/e8088bb6593e6a49d000c342d17402f01db8740e

Связанные уязвимости

CVE-2017-16641

CVSS3: 7.2

ubuntu

около 8 лет назад

lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.

CVE-2017-16641

CVSS3: 7.2

nvd

около 8 лет назад

lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.

GHSA-h5hf-99mp-vqgm

CVSS3: 7.2

github

больше 3 лет назад

lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.

openSUSE-SU-2017:3051-1

suse-cvrf

около 8 лет назад

Security update for cacti, cacti-spine