Debian Security Advisory DSA 1569-1 (cacti) Network Vulnerability

Summary

The remote host is missing an update to cacti announced via advisory DSA 1569-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201569-1

Insight

It was discovered that Cacti, a systems and services monitoring frontend, performed insufficient input sanitising, leading to cross site scripting and SQL injection being possible. For the stable distribution (etch), this problem has been fixed in version 0.8.6i-3.3. For the unstable distribution (sid), this problem has been fixed in version 0.8.7b-1. We recommend that you upgrade your cacti package.

Severity

Classification

CVE CVE-2008-0783, CVE-2008-0785

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1009-1 (crossfire)
Debian Security Advisory DSA 012-1 (micq)
Debian Security Advisory DSA 029-1 (proftpd)
Debian Security Advisory DSA 1043-1 (abcmidi)
Debian Security Advisory DSA 1002-1 (webcalendar)

Take action and discover your vulnerabilities