Debian Security Advisory DSA 1569-3 (cacti) Network Vulnerability

Summary

The remote host is missing an update to cacti announced via advisory DSA 1569-3.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201569-3

Insight

Since the previous security update, the cacti package could no longer be rebuilt from the source package. This update corrects that problem. Note that this problem does not affect regular use of the provided binary packages (.deb). For reference the original advisory text follows. It was discovered that Cacti, a systems and services monitoring frontend, performed insufficient input sanitising, leading to cross site scripting and SQL injection being possible. For the stable distribution (etch), this problem has been fixed in version 0.8.6i-3.5.

Severity

Classification

CVE CVE-2008-0783, CVE-2008-0785

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1070-1 (kernel-source-2.4.19,kernel-image-sparc-2.4,kernel-patch-2.4.19-mips)
Debian Security Advisory DSA 106-1 (rsync)
Debian Security Advisory DSA 1008-1 (kdegraphics)
Debian Security Advisory DSA 059-1 (man-db)
Debian Security Advisory DSA 079-2 (uucp)

Take action and discover your vulnerabilities