Mandriva Update For Cacti MDVSA-2012:010 (cacti) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Multiple vulnerabilities has been found and corrected in cacti: SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h allows remote attackers to execute arbitrary SQL commands via the login_username parameter (CVE-2011-4824). Various vulnerabilities were discovered and fixed in the 0.8.7i version (cacti bug 2062). The updated packages provides the latest 0.8.7i version which are not affected by these issues.

Affected

cacti on Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64

Severity

Classification

CVE CVE-2011-4824

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:076 (avahi)
Mandrake Security Advisory MDVSA-2009:093 (mpg123)
Mandrake Security Advisory MDVSA-2009:096-1 (printer-drivers)
Mandrake Security Advisory MDVSA-2009:049 (pycrypto)
Mandrake Security Advisory MDVSA-2009:148 (kernel)

Mandriva Update for cacti MDVSA-2012:010 (cacti)

Take action and discover your vulnerabilities