CVE-2014-2327

NameCVE-2014-2327
DescriptionCross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-2970-1
Debian Bugs742768

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
cacti (PTS)stretch0.8.8h+ds1-10+deb9u1fixed
stretch (security)0.8.8h+ds1-10+deb9u2fixed
buster1.2.2+ds1-2+deb10u4fixed
buster (security)1.2.2+ds1-2+deb10u2fixed
bullseye1.2.16+ds1-2fixed
bookworm, sid1.2.20+ds1-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
cactisourcesqueeze0.8.7g-1+squeeze4742768
cactisourcewheezy0.8.8a+dfsg-5+deb7u3DSA-2970-1
cactisource(unstable)0.8.8b+dfsg-6742768

Notes

http://bugs.cacti.net/view.php?id=2432
Search for package or bug name: Reporting problems