drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in Cacti
| Name: |
Ausführen beliebiger Kommandos in Cacti |
|
| ID: |
USN-7226-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS |
|
| Datum: |
Fr, 24. Januar 2025, 06:46 |
|
| Referenzen: |
https://www.cve.org/CVERecord?id=CVE-2022-46169 |
|
| Applikationen: |
Cacti |
|
Originalnachricht |
--===============8467336790720342661==
Content-Type: multipart/signed; boundary="=-=-=";
micalg=pgp-sha512; protocol="application/pgp-signature"
--=-=-=
Content-Type: text/plain
==========================================================================
Ubuntu Security Notice USN-7226-1
January 23, 2025
cacti vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Cacti could be made to crash or run programs if it received
specially crafted network traffic.
Software Description:
- cacti: web interface for graphing of monitoring systems
Details:
It was discovered that Cacti did not properly sanitize the 'poller_id'
parameter in the "remote_agent.php" file. A remote attacker could
possibly use this issue to achieve remote code execution.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
cacti 1.2.19+ds1-2ubuntu1.1+esm2
Available with Ubuntu Pro
Ubuntu 20.04 LTS
cacti 1.2.10+ds1-1ubuntu1.1+esm2
Available with Ubuntu Pro
Ubuntu 18.04 LTS
cacti 1.1.38+ds1-1ubuntu0.1~esm4
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7226-1
CVE-2022-46169
--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQHZBAEBCgBDFiEEBcMY+nwS2CY71sUWc4vdAqvdlsYFAmeSU+ElHGdpYW1wYW9s
by5mcmVzaS5yb2dsaWFAY2Fub25pY2FsLmNvbQAKCRBzi90Cq92WxuV0C/9Z60q+
4pheqBl/sGZV62HtT6B0eJ+Yo5B1bwiWW/UTXmmxDCT7GV+P9l28h8LQ7A5TRam/
2DPal9+SDvf5FplRe2EW+uyX2xAkLKqafHJgHl6QF2Pcry8+3Ry05dMA+7eiqqJa
pmvTK5UDpBNTZDhFyFBS1e2YuQpE89GRBifwRWYRS0D9nAODPOpXOz8xqKGO5nq3
A7K4mjKvwiZW2KaNZni2YgqLH+jSAbdoK5e5YmLUMkpfOhfof2MMRi9GLyhM55Xu
OG0y6F2mD2iZtccGKn6sZ+VoMSYddTS1C6/fPhd7p0p7kMS5wHM+dWJRMYruoJkg
TJV9rnrRfcSdKVGZXCZe2/YTmbxbuMvBHTipQytDZtOLviBmH3+uS6yQ4/AkQiXy
BetV4S/EP7UW8IQVvz/TV5olsf1przJYpXQt1bku5z8LAAcvZseew5PS+LNaahQG
KCEZfffmjdv+m5QhXwr00LdTfrxwdaKhZW4GeDEv5mSwA7nJmuyQzRW3/n8=
=p9tR
-----END PGP SIGNATURE-----
--=-=-=--
--===============8467336790720342661==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline
--===============8467336790720342661==--
|
|
|
|
