Alerts This Week
Warning Icon 1 1,295
Alerts This Week
Warning Icon 1 1,295

Ubuntu 22.04 LTS: USN-7226-1 moderate: cacti remote code execution

ubuntu
Calendar Grey January 23, 2025
Dist Ubuntu Esm H88
Certain vulnerabilities in cacti may lead to system failures or unintended code execution from unprocessed network data. It's crucial to update the software to maintain security integrity.
Cacti could be made to crash or run programs if it received specially crafted network traffic.

Summary

Cacti could be made to crash or run programs if it received

specially crafted network traffic.

Software Description:

- cacti: web interface for graphing of monitoring systems

Details:

It was discovered that Cacti did not properly sanitize the 'poller_id'

parameter in the "remote_agent.php" file. A remote attacker could

possibly use this issue to achieve remote code execution.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
  cacti                           1.2.19+ds1-2ubuntu1.1+esm2
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  cacti                           1.2.10+ds1-1ubuntu1.1+esm2
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  cacti                           1.1.38+ds1-1ubuntu0.1~esm4
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7226-1

CVE-2022-46169

==========================================================================

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here