Cacti: Multiple vulnerabilities Multiple vulnerabilities have been found in Cacti, allowing attackers to execute arbitrary code or perform XSS attacks. cacti 2014-01-21 2014-01-21 324031 480196 remote 0.8.8b 0.8.8b

Cacti is a complete network graphing solution designed to harness the power of RRDTool’s data storage and graphing functionality.

Multiple vulnerabilities have been discovered in Cacti. Please review the CVE identifiers referenced below for details.

A remote attacker could execute arbitrary SQL commands via specially crafted parameters, execute arbitrary shell code or inject malicious script code.

There is no known workaround at this time.

All Cacti users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/cacti-0.8.8b" CVE-2010-1644 CVE-2010-1645 CVE-2010-2092 CVE-2010-2543 CVE-2010-2544 CVE-2010-2545 CVE-2013-1434 CVE-2013-1435 underling Zlogene