
SANS ISC: Cacti remote code and SQL injection vulnerability - SANS Internet Storm Center SANS ISC InfoSec Forums


Cacti remote code and SQL injection vulnerability
Secunia has published a bulletin regarding vulnerabilities in the popular open-source network management web application Cacti (versions <= 0.8.6i, which is the current version). The vulnerabilities include SQL injection and possible remote code execution. Public proof-of-concept code is available. If you run Cacti, you are urged to read the workarounds in the bulletin until a patch or new version is released.

References:
Secunia bulletin: http://secunia.com/advisories/23528/
CVE: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6799
Cacti home: http://www.cacti.net


Jim Clausing,  jclausing %% at %% isc dot sans dot org