Debian Security Advisory 1954: cacti – insufficient input sanitising

Article Source: Debian Security Advisories
December 15, 2009, 4:00 pm


Several vulnerabilities have been found in cacti, a frontend to rrdtool for monitoring systems and services. The Common Vulnerabilities and Exposures project identifies the following problems:


  • CVE-2007-3112, CVE-2007-3113
    It was discovered that cacti is prone to a denial of service via the graph_height, graph_width, graph_start and graph_end parameters. This issue only affects the oldstable (etch) version of cacti…