• Accepted cacti 1.2.24+ds1-1+deb12u5 (source) into proposed-updates

    From Debian FTP Masters@21:1/5 to All on Sun Feb 16 12:40:01 2025
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Sun, 09 Feb 2025 14:36:48 +0000
    Source: cacti
    Architecture: source
    Version: 1.2.24+ds1-1+deb12u5
    Distribution: bookworm-security
    Urgency: medium
    Maintainer: Cacti Maintainer <pkg-cacti-maint@lists.alioth.debian.org>
    Changed-By: Bastien Roucariès <rouca@debian.org>
    Changes:
    cacti (1.2.24+ds1-1+deb12u5) bookworm-security; urgency=medium
    .
    * Non-maintainer upload by the Security Team.
    * Fix CVE-2024-27082: Stored XSS vulnerability.
    * Fix CVE-2024-43362: XSS (Cross-Site Scripting) Vulnerability.
    The `fileurl` parameter is not properly sanitized when
    saving external links in `links.php`. Moreover, the said
    fileurl is placed in some HTML code which is passed to
    the `print` function in `link.php` and `index.php`,
    finally leading to stored XSS.
    * Fix CVE-2024-43363: Remote Code Execution (RCE) by
    log poisoning. An admin user can create a device with
    a malicious hostname containing php code and repeat
    the installation process to use a php file as the
    cacti log file. After having the malicious hostname end
    up in the logs (log poisoning), one can simply go to the
    log file url to execute commands to achieve RCE.
    * Fix CVE-2024-43364: Stored XSS (Cross-Site Scripting) Vulnerability.
    The `title` parameter is not properly sanitized when
    saving external links in links.php. Moreover, the said
    title parameter is stored in the database and reflected back
    to user in index.php, finally leading to stored XSS.
    * Fix CVE-2024-43365: Stored XSS (Cross-Site Scripting) Vulnerability.
    The `consolenewsection` parameter is not properly sanitized
    when saving external links in links.php. Moreover, the said
    consolenewsection parameter is stored in the database and
    reflected back to user in `index.php`, finally leading
    to stored XSS.
    * Fix CVE-2024-45598: Local File Inclusion (LFI) Vulnerability
    via Poller Standard Error Log Path.
    An admin can change Poller Standard Error Log Path parameter in
    either Installation Step 5 or in Configuration->Settings->Paths tab
    to a local file inside the server. Then simply going to Logs tab and
    selecting the name of the local file will show its content
    on the web UI.
    * Fix CVE-2024-54145: SQL Injection vulnerability when requesting
    automation devices.
    A SQL injection vulnerability in the get_discovery_results function
    of automation_devices.php: parameter networkconcat into
    sql_where without sufficient filtration.
    * Fix CVE-2025-22604: Authenticated RCE via multi-line SNMP responses.
    Due to a flaw in the multi-line SNMP result parser, authenticated users
    can inject malformed OIDs in the response. When processed by
    ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each
    OID will be used as a key in an array that is used as part of a
    system command, causing a command execution vulnerability.
    * Fix CVE-2025-24367: Arbitrary File Creation leading to RCE.
    An authenticated Cacti user can abuse graph creation and graph
    template functionality to create arbitrary PHP scripts in the
    web root of the application, leading to remote code
    execution on the server.
    * Fix CVE-2025-24368: SQL Injection vulnerability when using
    tree rules through Automation API
    Some of the data stored in automation_tree_rules.php is not
    thoroughly checked and is used to concatenate the SQL statement in
    build_rule_item_filter() function from lib/api_automation.php,
    finally resulting in SQL injection.
    Checksums-Sha1:
    Checksums-Sha256:
    Files:
