Debian Security Advisory 1954 cacti – insufficient input sanitising

32
Article Source Debian Security Advisories
December 15, 2009, 4:00 pm

 

Several vulnerabilities have been found in cacti, a frontend to rrdtool for monitoring systems and services. The Common Vulnerabilities and Exposures project identifies the following problems:

 

  • CVE-2007-3112, CVE-2007-3113
    It was discovered that cacti is prone to a denial of service via the graph_height, graph_width, graph_start and graph_end parameters. This issue only affects the oldstable (etch) version of cacti…