|
|
Subscribe / Log in / New account

Ubuntu alert USN-7226-1 (cacti)



From:
              giampaolo.fresi.roglia@canonical.com


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-7226-1] Cacti vulnerability


Date:
              Thu, 23 Jan 2025 15:36:17 +0100


Message-ID:
              <875xm54mxq.fsf@marge>



==========================================================================
Ubuntu Security Notice USN-7226-1
January 23, 2025

cacti vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Cacti could be made to crash or run programs if it received
specially crafted network traffic.

Software Description:
- cacti: web interface for graphing of monitoring systems

Details:

It was discovered that Cacti did not properly sanitize the 'poller_id'
parameter in the "remote_agent.php" file. A remote attacker could
possibly use this issue to achieve remote code execution.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
  cacti                           1.2.19+ds1-2ubuntu1.1+esm2
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  cacti                           1.2.10+ds1-1ubuntu1.1+esm2
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  cacti                           1.1.38+ds1-1ubuntu0.1~esm4
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7226-1
  CVE-2022-46169




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQHZBAEBCgBDFiEEBcMY+nwS2CY71sUWc4vdAqvdlsYFAmeSU+ElHGdpYW1wYW9s
by5mcmVzaS5yb2dsaWFAY2Fub25pY2FsLmNvbQAKCRBzi90Cq92WxuV0C/9Z60q+
4pheqBl/sGZV62HtT6B0eJ+Yo5B1bwiWW/UTXmmxDCT7GV+P9l28h8LQ7A5TRam/
2DPal9+SDvf5FplRe2EW+uyX2xAkLKqafHJgHl6QF2Pcry8+3Ry05dMA+7eiqqJa
pmvTK5UDpBNTZDhFyFBS1e2YuQpE89GRBifwRWYRS0D9nAODPOpXOz8xqKGO5nq3
A7K4mjKvwiZW2KaNZni2YgqLH+jSAbdoK5e5YmLUMkpfOhfof2MMRi9GLyhM55Xu
OG0y6F2mD2iZtccGKn6sZ+VoMSYddTS1C6/fPhd7p0p7kMS5wHM+dWJRMYruoJkg
TJV9rnrRfcSdKVGZXCZe2/YTmbxbuMvBHTipQytDZtOLviBmH3+uS6yQ4/AkQiXy
BetV4S/EP7UW8IQVvz/TV5olsf1przJYpXQt1bku5z8LAAcvZseew5PS+LNaahQG
KCEZfffmjdv+m5QhXwr00LdTfrxwdaKhZW4GeDEv5mSwA7nJmuyQzRW3/n8=
=p9tR
-----END PGP SIGNATURE-----



Attachment: None (type=text/plain)
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds