Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-5261

The graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a font size, related to the rrdtool commandline in lib/rrd.php.

Related bugs and status

CVE-2014-5261 (Candidate) is related to these bugs:

Bug #1210822: Please backport cacti security fixes

		In	Importance	Status
1210822	Please backport cacti security fixes	cacti (Ubuntu)	Medium	Fix Released
1210822	Please backport cacti security fixes	cacti (Ubuntu Vivid)	Medium	Fix Released
1210822	Please backport cacti security fixes	cacti (Ubuntu Precise)	Medium	Won't Fix
1210822	Please backport cacti security fixes	cacti (Ubuntu Utopic)	Medium	Fix Released
1210822	Please backport cacti security fixes	cacti (Ubuntu Trusty)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2014081...
MLIST: [oss-security] 2014081...
MISC: https://bugzilla.redha...
BID: 69213
DEBIAN: DSA-3007
GENTOO: GLSA-201607-05
CONFIRM: http://svn.cacti.net/v...
XF: cacti-multiple-unspeci...