Cacti Cross-Site Request Forgery Vulnerability (CVE-2014-2327)

Release date:
Updated on:

Affected Systems:
Cacti 0.8.8b
Cacti 0.8.7f
Description:
--------------------------------------------------------------------------------
Bugtraq id: 66392
CVE (CAN) ID: CVE-2014-2327
 
Cacti is a database round robin (RRD) tool that helps you create images from database information. It has multiple Linux versions.
 
Cacti 0.8.8b and earlier versions have the Cross-Site Request Forgery Vulnerability, which allows remote attackers to modify binary files, modify configurations, or add arbitrary user requests, this vulnerability can be exploited to hijack user authentication.
 
<* Source: Deutsche Telekom CERT

Link: http://secunia.com/advisories/57647
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
 
Cacti
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
 
Http://bugs.cacti.net/view.php? Id = 2431
Http://bugs.cacti.net/view.php? Id = 2405
Debian-bugs-dist@lists.debian.org/msg1209356.html "target =" _ blank "> http://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1209356.html
Http://www.securityfocus.com/archive/1/531588

In RHEL6.4, the Cacti + Spine monitoring host is used to send mail alarms.

Use Cacti + Spine to monitor remote hosts in RHEL6.4

CentOS 5.5 complete installation of Cacti + Spine

Cacti construction document under CentOS 6

Detailed description of Cacti monitoring deployment under RHEL5.9

How to install Cacti in CentOS 6.3

Quick installation and configuration of Cacti in CentOS Linux

Cacti details: click here
Cacti: click here