Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2020:0558-1

Опубликовано: 27 апр. 2020
Источник: suse-cvrf

Описание

Security update for cacti, cacti-spine

This update for cacti, cacti-spine to version 1.2.11 fixes the following issues:

This update is fixing multiple vulnerabilities and adding bug fixes. For more details consult the changes file.

Список пакетов

SUSE Package Hub 12
cacti-1.2.11-5.1
cacti-spine-1.2.11-2.1
openSUSE Leap 15.1
cacti-1.2.11-5.1
cacti-spine-1.2.11-2.1

Ссылки

Описание

Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands.

Затронутые продукты
SUSE Package Hub 12:cacti-1.2.11-5.1
SUSE Package Hub 12:cacti-spine-1.2.11-2.1
openSUSE Leap 15.1:cacti-1.2.11-5.1
openSUSE Leap 15.1:cacti-spine-1.2.11-2.1
Ссылки

Описание

A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.

Затронутые продукты
SUSE Package Hub 12:cacti-1.2.11-5.1
SUSE Package Hub 12:cacti-spine-1.2.11-2.1
openSUSE Leap 15.1:cacti-1.2.11-5.1
openSUSE Leap 15.1:cacti-spine-1.2.11-2.1
Ссылки

Описание

A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.

Затронутые продукты
SUSE Package Hub 12:cacti-1.2.11-5.1
SUSE Package Hub 12:cacti-spine-1.2.11-2.1
openSUSE Leap 15.1:cacti-1.2.11-5.1
openSUSE Leap 15.1:cacti-spine-1.2.11-2.1
Ссылки

Описание

A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.

Затронутые продукты
SUSE Package Hub 12:cacti-1.2.11-5.1
SUSE Package Hub 12:cacti-spine-1.2.11-2.1
openSUSE Leap 15.1:cacti-1.2.11-5.1
openSUSE Leap 15.1:cacti-spine-1.2.11-2.1
Ссылки

Описание

A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.

Затронутые продукты
SUSE Package Hub 12:cacti-1.2.11-5.1
SUSE Package Hub 12:cacti-spine-1.2.11-2.1
openSUSE Leap 15.1:cacti-1.2.11-5.1
openSUSE Leap 15.1:cacti-spine-1.2.11-2.1
Ссылки

Описание

In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter.

Затронутые продукты
SUSE Package Hub 12:cacti-1.2.11-5.1
SUSE Package Hub 12:cacti-spine-1.2.11-2.1
openSUSE Leap 15.1:cacti-1.2.11-5.1
openSUSE Leap 15.1:cacti-spine-1.2.11-2.1
Ссылки

Описание

Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery.

Затронутые продукты
SUSE Package Hub 12:cacti-1.2.11-5.1
SUSE Package Hub 12:cacti-spine-1.2.11-2.1
openSUSE Leap 15.1:cacti-1.2.11-5.1
openSUSE Leap 15.1:cacti-spine-1.2.11-2.1
Ссылки

Описание

Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module.

Затронутые продукты
SUSE Package Hub 12:cacti-1.2.11-5.1
SUSE Package Hub 12:cacti-spine-1.2.11-2.1
openSUSE Leap 15.1:cacti-1.2.11-5.1
openSUSE Leap 15.1:cacti-spine-1.2.11-2.1
Ссылки

Описание

Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS).

Затронутые продукты
SUSE Package Hub 12:cacti-1.2.11-5.1
SUSE Package Hub 12:cacti-spine-1.2.11-2.1
openSUSE Leap 15.1:cacti-1.2.11-5.1
openSUSE Leap 15.1:cacti-spine-1.2.11-2.1
Ссылки

Описание

Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance Settings of the product.

Затронутые продукты
SUSE Package Hub 12:cacti-1.2.11-5.1
SUSE Package Hub 12:cacti-spine-1.2.11-2.1
openSUSE Leap 15.1:cacti-1.2.11-5.1
openSUSE Leap 15.1:cacti-spine-1.2.11-2.1
Ссылки

Описание

graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.

Затронутые продукты
SUSE Package Hub 12:cacti-1.2.11-5.1
SUSE Package Hub 12:cacti-spine-1.2.11-2.1
openSUSE Leap 15.1:cacti-1.2.11-5.1
openSUSE Leap 15.1:cacti-spine-1.2.11-2.1
Ссылки