My next class:

Cacti remote code and SQL injection vulnerability

Published: 2006-12-28. Last Updated: 2006-12-29 04:30:11 UTC
by Jim Clausing (Version: 1)
0 comment(s)
Secunia has published a bulletin regarding vulnerabilities in the popular open-source network management web application, Cacti (versions <= 0.8.6i which is the current version).  The vulnerabilities include SQL injection and possible remote code execution.  There is public proof-of-concept code available.  If you run Cacti, you are urged to read the work-arounds in the bulletin until a patch/new version is released.

References:
Secunia bullentin: http://secunia.com/advisories/23528/
CVE: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6799
Cacti home: http://www.cacti.net


Jim Clausing,  jclausing %% at %% isc dot sans dot org
Keywords:
0 comment(s)
My next class:

Comments


Diary Archives