Launchpad CVE tracker

CVE 2014-2709

lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified parameters.

Related bugs and status

CVE-2014-2709 (Candidate) is related to these bugs:

Bug #1210822: Please backport cacti security fixes

		In	Importance	Status
1210822	Please backport cacti security fixes	cacti (Ubuntu)	Medium	Fix Released
1210822	Please backport cacti security fixes	cacti (Ubuntu Vivid)	Medium	Fix Released
1210822	Please backport cacti security fixes	cacti (Ubuntu Precise)	Medium	Won't Fix
1210822	Please backport cacti security fixes	cacti (Ubuntu Utopic)	Medium	Fix Released
1210822	Please backport cacti security fixes	cacti (Ubuntu Trusty)	Medium	Fix Released

Bug #1303492: Sync cacti 0.8.8b+dfsg-4 (universe) from Debian unstable (main)

Summary				In	Importance	Status
	1303492	Sync cacti 0.8.8b+dfsg-4 (universe) from Debian unstable (main)		cacti (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2014040...
CONFIRM: https://bugs.debian.or...
FEDORA: FEDORA-2014-4892
FEDORA: FEDORA-2014-4928
BID: 66630
SECUNIA: 57647
DEBIAN: DSA-2970
SECUNIA: 59203
GENTOO: GLSA-201509-03
CONFIRM: http://svn.cacti.net/v...

Launchpad.net

CVE 2014-2709

Related bugs and status

Related bugs

References