Several security issues were fixed in Cacti.
Software Description:
- cacti: web interface for graphing of monitoring systems
Details:
It was discovered that Cacti did not properly apply checks to the "Package
Import" feature. An attacker could possibly use this issue to perform
arbitrary code execution. This issue only affected Ubuntu 24.04 LTS, Ubuntu
22.04 LTS, Ubuntu 20.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-25641)
It was discovered that Cacti did not properly sanitize values when using
javascript based API. A remote attacker could possibly use this issue to
inject arbitrary javascript code resulting into cross-site scripting
vulnerability. This issue only affected Ubuntu 24.04 LTS. (CVE-2024-29894)
It was discovered that Cacti did not properly sanitize values when managing
data queries. A remote attacker could possibly use this issue to inject
arbitrary javascript code resulting into cross-site scripting
vulnerability. (CVE-2024-31443)
It was discovered that Cacti did not...
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
cacti 1.2.26+ds1-1ubuntu0.1
Ubuntu 22.04 LTS
cacti 1.2.19+ds1-2ubuntu1.1
Ubuntu 20.04 LTS
cacti 1.2.10+ds1-1ubuntu1.1
Ubuntu 18.04 LTS
cacti 1.1.38+ds1-1ubuntu0.1~esm3
Available with Ubuntu Pro
Ubuntu 16.04 LTS
cacti 0.8.8f+ds1-4ubuntu4.16.04.2+esm2
Available with Ubuntu Pro
Ubuntu 14.04 LTS
cacti 0.8.8b+dfsg-5ubuntu0.2+esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.https://ubuntu.com/security/notices/USN-6969-1
CVE-2024-25641, CVE-2024-29894, CVE-2024-31443, CVE-2024-31444,
CVE-2024-31445, CVE-2024-31458, CVE-2024-31459, CVE-2024-31460,
CVE-2024-34340
Get the latest Linux and open source security news straight to your inbox.