SANS ISC: Cacti remote code and SQL injection vulnerability - Internet Security | DShield SANS ISC InfoSec Forums


Cacti remote code and SQL injection vulnerability
Secunia has published a bulletin regarding vulnerabilities in Cacti, the popular open-source network management web application (versions <= 0.8.6i, which is the current version). The vulnerabilities include SQL injection and possible remote code execution. Public proof-of-concept code is available. If you run Cacti, you are urged to read the workarounds in the bulletin until a patch or new version is released.

References:
Secunia bulletin: http://secunia.com/advisories/23528/
CVE: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6799
Cacti home: http://www.cacti.net


Jim Clausing,  jclausing %% at %% isc dot sans dot org