Release date:
Updated on:
Affected Systems:
Cacti 0.8.8b
Cacti 0.8.7f
Description:
--------------------------------------------------------------------------------
Bugtraq id: 66392
CVE (CAN) ID: CVE-2014-2327
Cacti is a round-robin database (RRD) tool that helps you create images from database information. It is available in multiple Linux versions.
Cacti 0.8.8b and earlier versions contain a cross-site request forgery (CSRF) vulnerability that allows remote attackers to hijack user authentication for requests that modify binary files, modify configurations, or add arbitrary users.
<* Source: Deutsche Telekom CERT
Link: http://secunia.com/advisories/57647
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Cacti
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://bugs.cacti.net/view.php?id=2431
http://bugs.cacti.net/view.php?id=2405
http://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1209356.html
http://www.securityfocus.com/archive/1/531588