Headline
Debian Security Advisory 5298-1
Debian Linux Security Advisory 5298-1 - Two security vulnerabilities have been discovered in Cacti, a web interface for graphing of monitoring systems, which could result in unauthenticated command injection or LDAP authentication bypass.
-------------------------------------------------------------------------
Debian Security Advisory DSA-5298-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
December 09, 2022                     https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : cacti
CVE ID         : CVE-2022-0730 CVE-2022-46169
Debian Bug     : 1008693 1025648

Two security vulnerabilities have been discovered in Cacti, a web
interface for graphing of monitoring systems, which could result in
unauthenticated command injection or LDAP authentication bypass.

For the stable distribution (bullseye), these problems have been fixed in
version 1.2.16+ds1-2+deb11u1.

We recommend that you upgrade your cacti packages.

For the detailed security status of cacti please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/cacti

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
Related news
Critical security flaws in Cacti, Realtek, and IBM Aspera Faspex are being exploited by various threat actors in hacks targeting unpatched systems. This entails the abuse of CVE-2022-46169 (CVSS score: 9.8) and CVE-2021-35394 (CVSS score: 9.8) to deliver MooBot and ShellBot (aka PerlBot), Fortinet FortiGuard Labs said in a report published this week. CVE-2022-46169 relates to a critical
Cacti version 1.2.22 suffers from a remote command execution vulnerability.
This Metasploit module exploits an unauthenticated command injection vulnerability in Cacti versions through 1.2.22 in order to achieve unauthenticated remote code execution as the www-data user.
A majority of internet-exposed Cacti servers have not been patched against a recently patched critical security vulnerability that has come under active exploitation in the wild. That's according to attack surface management platform Censys, which found only 26 out of a total of 6,427 servers to be running a patched version of Cacti (1.2.23 and 1.3.0). The issue in question relates to
Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device. The vulnerability resides in the `remote_agent.php` file. This file can be accessed without authentication. The authorization check in that file retrieves the IP address of the client via `get_client_addr` and resolves this IP address to the corresponding hostname via `gethostbyaddr`. After this, it is verified that an entry within the `poller` table exists whose hostname corresponds to the resolved hostname. If such an entry is found, the function returns `true` and the client is authorized. This authorization can be bypassed due to the implementation of the `get_client_addr` function. The function is defined in the file `lib/functions.php` and checks several `$_SERVE...
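The authorization flaw described above is a general pattern, not something specific to Cacti: an application derives the "client address" from request headers that any client can set, then treats a reverse-DNS match as proof of identity. The Python below is an added model of that pattern, written for this page; it is not Cacti's code and does not reproduce the command-injection stage that follows the bypass. Because the list of `$_SERVER` keys is truncated on the page, the header names `HTTP_CLIENT_IP` and `HTTP_X_FORWARDED_FOR` are assumptions chosen for illustration, and the poller table and reverse-DNS results are constructed sample data so the example runs offline.

```python
"""Model of a forwarded-header authorization bypass (added example, not Cacti code).

Three pieces are modelled: a client-address lookup that trusts proxy headers
(the flawed pattern the page describes), a hardened lookup that only honours
those headers when the TCP peer is a known proxy, and the poller-table check
that sits on top of either. A constructed reverse-DNS table replaces
gethostbyaddr() so the result is deterministic and needs no network.
"""
from typing import Callable, FrozenSet, Mapping

# Constructed sample data: the main poller runs on the web server itself and is
# registered in the poller table under the hostname "localhost".
POLLER_HOSTNAMES: FrozenSet[str] = frozenset({"localhost"})

# Constructed reverse-DNS answers standing in for PHP gethostbyaddr().
FAKE_RDNS: Mapping[str, str] = {
    "127.0.0.1": "localhost",
    "198.51.100.23": "host-23.attacker.example",
}

# Assumed for illustration: header-derived keys a naive get_client_addr() might
# consult before REMOTE_ADDR. Anything in this list is attacker-controlled
# unless the request arrived via a proxy the server actually trusts.
FORWARDED_KEYS = ("HTTP_CLIENT_IP", "HTTP_X_FORWARDED_FOR")


def fake_gethostbyaddr(ip: str) -> str:
    """Return the PTR name for ip, or the ip itself when no record exists (PHP semantics)."""
    return FAKE_RDNS.get(ip, ip)


def first_hop(header_value: str) -> str:
    """X-Forwarded-For may be a comma-separated chain; the naive code takes the first entry."""
    return header_value.split(",")[0].strip()


def get_client_addr_vulnerable(server: Mapping[str, str]) -> str:
    """Flawed pattern: any present forwarded header wins over the socket peer address."""
    for key in FORWARDED_KEYS:
        if server.get(key):
            return first_hop(server[key])
    return server["REMOTE_ADDR"]


def get_client_addr_hardened(server: Mapping[str, str],
                             trusted_proxies: FrozenSet[str] = frozenset()) -> str:
    """Hardened pattern: honour a forwarded header only when the peer is a trusted proxy.

    With an empty trusted_proxies set this degrades to "REMOTE_ADDR only", which is
    the right choice when Cacti is not deployed behind a reverse proxy at all.
    """
    peer = server["REMOTE_ADDR"]
    if peer in trusted_proxies:
        for key in FORWARDED_KEYS:
            if server.get(key):
                return first_hop(server[key])
    return peer


def remote_agent_authorized(server: Mapping[str, str],
                            client_addr_fn: Callable[[Mapping[str, str]], str],
                            rdns: Callable[[str], str] = fake_gethostbyaddr) -> bool:
    """The check the page describes: resolve the client IP and look the name up in the poller table."""
    hostname = rdns(client_addr_fn(server))
    return hostname in POLLER_HOSTNAMES


def spoofed_forwarded_header(server: Mapping[str, str],
                             trusted_proxies: FrozenSet[str] = frozenset()) -> bool:
    """Detection helper: a forwarded header from a peer that is not a trusted proxy is a red flag."""
    peer = server["REMOTE_ADDR"]
    return peer not in trusted_proxies and any(server.get(k) for k in FORWARDED_KEYS)


# Constructed requests. The attacker on 198.51.100.23 simply claims to be 127.0.0.1.
SPOOFED_REQUEST = {"REMOTE_ADDR": "198.51.100.23", "HTTP_X_FORWARDED_FOR": "127.0.0.1"}
LOCAL_POLLER_REQUEST = {"REMOTE_ADDR": "127.0.0.1"}

if __name__ == "__main__":
    print("vulnerable lookup authorizes spoofed request:",
          remote_agent_authorized(SPOOFED_REQUEST, get_client_addr_vulnerable))
    print("hardened lookup authorizes spoofed request:  ",
          remote_agent_authorized(SPOOFED_REQUEST, get_client_addr_hardened))
    print("hardened lookup authorizes real local poller:",
          remote_agent_authorized(LOCAL_POLLER_REQUEST, get_client_addr_hardened))
    print("spoofed header flagged for detection:       ",
          spoofed_forwarded_header(SPOOFED_REQUEST))
```

The hardened variant keeps a trusted-proxy allow-list rather than dropping forwarded headers outright, because a Cacti instance that really sits behind a reverse proxy would otherwise see every request as coming from the proxy. Note that even the hardened lookup still rests on reverse DNS matching a poller hostname, which is a weak identity signal on its own; the header fix closes the bypass the page describes but does not turn the check into real authentication.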
Under certain LDAP conditions, Cacti authentication can be bypassed with certain credential types.