-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 07 Feb 2025 17:42:17 +0100
Source: cacti
Architecture: source
Version: 1.2.16+ds1-2+deb11u5
Distribution: bullseye-security
Urgency: high
Maintainer: Cacti Maintainer <pkg-cacti-maint@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Changes:
 cacti (1.2.16+ds1-2+deb11u5) bullseye-security; urgency=high
 .
   [ Bastien Roucariès ]
   * Non-maintainer upload by the LTS Security Team.
   * Fix CVE-2024-43362: XSS (Cross-Site Scripting) Vulnerability.
     The `fileurl` parameter is not properly sanitized when saving external
     links in `links.php`. Moreover, the said fileurl is placed in some html
     code which is passed to the `print` function in `link.php` and
     `index.php`, finally leading to stored XSS.
   * Fix CVE-2024-43363: Remote Code Execution (RCE) by log poisoning.
     An admin user can create a device with a malicious hostname containing
     php code and repeat the installation process to use a php file as the
     cacti log file. After having the malicious hostname end up in the logs
     (log poisoning), one can simply go to the log file url to execute
     commands to achieve RCE.
   * Fix CVE-2024-43364: Stored XSS (Cross-Site Scripting) Vulnerability.
     The `title` parameter is not properly sanitized when saving external
     links in links.php. Moreover, the said title parameter is stored in the
     database and reflected back to user in index.php, finally leading to
     stored XSS.
   * Fix CVE-2024-43365: Stored XSS (Cross-Site Scripting) Vulnerability.
     The `consolenewsection` parameter is not properly sanitized when saving
     external links in links.php. Moreover, the said consolenewsection
     parameter is stored in the database and reflected back to user in
     `index.php`, finally leading to stored XSS.
   * Fix CVE-2024-45598: Local File Inclusion (LFI) Vulnerability via Poller
     Standard Error Log Path.
     An admin can change Poller Standard Error Log Path parameter in either
     Installation Step 5 or in Configuration->Settings->Paths tab to a local
     file inside the server. Then simply going to Logs tab and selecting the
     name of the local file will show its content on the web UI.
   * Fix CVE-2024-54145: SQL Injection vulnerability when request automation
     devices.
     A SQL injection vulnerability in get_discovery_results function of
     automation_devices.php. Parameter network is concatenated into sql_where
     without sufficient filtration.
   * Fix CVE-2025-22604: Authenticated RCE via multi-line SNMP responses.
     Due to a flaw in multi-line SNMP result parser, authenticated users can
     inject malformed OIDs in the response. When processed by
     ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID
     will be used as a key in an array that is used as part of a system
     command, causing a command execution vulnerability.
   * Fix CVE-2025-24367: Arbitrary File Creation leading to RCE.
     An authenticated Cacti user can abuse graph creation and graph template
     functionality to create arbitrary PHP scripts in the web root of the
     application, leading to remote code execution on the server.
   * Fix CVE-2025-24368: SQL Injection vulnerability when using tree rules
     through Automation API.
     Some of the data stored in automation_tree_rules.php is not thoroughly
     checked and is used to concatenate the SQL statement in
     build_rule_item_filter() function from lib/api_automation.php, finally
     resulting in SQL injection.
   * Fix embedded node-dompurify.
     + Fix CVE-2024-47875: DOMpurify was vulnerable to nesting-based mXSS.
     + Fix CVE-2024-48910: DOMPurify was vulnerable to prototype pollution.
 .
   [ Sylvain Beucler ]
   * Adapt Salsa CI for LTS
Checksums-Sha1:
 f101100f13ed863aa423dcd51410c695217ffe36 2503 cacti_1.2.16+ds1-2+deb11u5.dsc
 a69b61a006c30aaea6e0d2dd23981c48dfb7cc2b 13562956 cacti_1.2.16+ds1.orig-docs-source.tar.gz
 e130e91a789af3125d276c5a9022b915cbaea822 7423308 cacti_1.2.16+ds1.orig.tar.gz
 6a67dbf5b0942752a04d3d835eb61814939a6206 101376 cacti_1.2.16+ds1-2+deb11u5.debian.tar.xz
 3d8f197fb423307a6032b0bd634606d3f3c20eef 6579 cacti_1.2.16+ds1-2+deb11u5_amd64.buildinfo
Checksums-Sha256:
 38444facf5b7d51f00214b90a7ab654d61b608b1ebb190986a07d919902f6c74 2503 cacti_1.2.16+ds1-2+deb11u5.dsc
 ce2d29621353ef096a8844ddedb96cc4cd5d2e11a6a26f1022cecbb2a4583fcd 13562956 cacti_1.2.16+ds1.orig-docs-source.tar.gz
 2084865fda2f2f6ae0286cce87d9d9886e49a0b3c105228d99226cc027384511 7423308 cacti_1.2.16+ds1.orig.tar.gz
 06dbd55e5bd49959e2753a1a16b43b4d342c207e30d19a37a21f9f95318a595e 101376 cacti_1.2.16+ds1-2+deb11u5.debian.tar.xz
 65839796d3c3f9179b6528d70ea395c4a10f9d576b790efc682366516802a8df 6579 cacti_1.2.16+ds1-2+deb11u5_amd64.buildinfo
Files:
 a9cc61228202c123372024de266b4431 2503 web optional cacti_1.2.16+ds1-2+deb11u5.dsc
 203a2ac99af6ea4a209e505647b398d8 13562956 web optional cacti_1.2.16+ds1.orig-docs-source.tar.gz
 29b74097553ab9693820a1e71fc67083 7423308 web optional cacti_1.2.16+ds1.orig.tar.gz
 3b449dc0fdf4f8f9ac5bed62f2c068c4 101376 web optional cacti_1.2.16+ds1-2+deb11u5.debian.tar.xz
 72766d908600e252fc3c261ef51ba143 6579 web optional cacti_1.2.16+ds1-2+deb11u5_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmeqXpEACgkQADoaLapB
CF8y3xAArx21BpVX6tvAolXbwjIjLHs9SWZuwadnvTpB4BCJx6KVtM2cL8hy5QJu
XslMV/qhV1va5fMMhuShw6GWMizSWj5gyPaTBUR44HQXXKxWbQfSjcEeeqhwMfyl
q1YuWXTDJfy0j3myonUHOrFAs17yEhfJTFKq+pVY89sQgYIy2WRbvQn5LSEl9QtJ
WvLo2rQ+t56frJS+ba2tnYc9QgfaKrGw7Xcs4TFphEXP+vOn1rJC8yDm8HtA+nXl
V5GdzaEp3oM/4ZRxxOIIczk6Bu1+fV8jJ9pRvD3K9HqEXXlSY36KjLarsnuzX+4J
FHha4lW0eiVCjmei2fxSze5XFvegdvG81YSTCOHY+fYw4a2LDhFzkNXwRZ/A3zFw
waK8QtGpkxsUNdYphZ88SyQmmqNRxnXmUpYCHprg6oyWv27yG7YP6zX+nviUrkGH
vu/6e37HeaoXiLUOIqHVYGOOrSX4n36XkySj2VM8WfABhkKrM82RtU3nwcE1RREu
iyGeyY/8+M8JII+j3YtisqsSoTcmOGN0BInXA56VUVFCvSV5snBglYLnezoWxui+
R/8Cuh/Gdvk7KXEeDk1CcoZ7S5MgF35wP39OZhPhUTaGH5PNAimlEuIhzo2VXczD
m+sFvKgkaER8nYS2WawC7K3l54P/wEzRtN5jrkRkHuv7T9Z+mnw=
=e5mE
-----END PGP SIGNATURE-----
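The practical use of the Checksums-Sha256 field above is to confirm that the source artifacts one has fetched for this LTS update are the ones the uploader signed. The following is an added example, not part of the Debian upload or of the Cacti project: it parses a Checksums-* field out of .changes text (continuation lines of the form "digest size filename", ending at the next unindented field) and verifies size and SHA-256 digest of each listed file in a directory. The excerpt constant copies the real field from the page; the "example_*" file names, their contents and the sample .changes text are constructed for the demo, and the Files: line in it carries a zeroed placeholder instead of an MD5.

```python
import hashlib
import os
import tempfile

# Checksums-Sha256 field as it appears in the cacti 1.2.16+ds1-2+deb11u5
# .changes file above (digests, sizes and names copied from the page).
CACTI_CHANGES_EXCERPT = """Checksums-Sha256:
 38444facf5b7d51f00214b90a7ab654d61b608b1ebb190986a07d919902f6c74 2503 cacti_1.2.16+ds1-2+deb11u5.dsc
 ce2d29621353ef096a8844ddedb96cc4cd5d2e11a6a26f1022cecbb2a4583fcd 13562956 cacti_1.2.16+ds1.orig-docs-source.tar.gz
 2084865fda2f2f6ae0286cce87d9d9886e49a0b3c105228d99226cc027384511 7423308 cacti_1.2.16+ds1.orig.tar.gz
 06dbd55e5bd49959e2753a1a16b43b4d342c207e30d19a37a21f9f95318a595e 101376 cacti_1.2.16+ds1-2+deb11u5.debian.tar.xz
 65839796d3c3f9179b6528d70ea395c4a10f9d576b790efc682366516802a8df 6579 cacti_1.2.16+ds1-2+deb11u5_amd64.buildinfo
Files:
"""

# Constructed sample in the layout of a .changes file; the file names are
# made up, the digests and sizes are filled in at runtime in demo(), and
# the Files: line uses a zeroed placeholder instead of a real MD5.
SAMPLE_CHANGES = """Format: 1.8
Source: example
Checksums-Sha256:
 {hash_dsc} {size_dsc} example_1.0-1.dsc
 {hash_tar} {size_tar} example_1.0.orig.tar.gz
Files:
 00000000000000000000000000000000 {size_dsc} web optional example_1.0-1.dsc
"""


def parse_checksums(changes_text, field="Checksums-Sha256"):
    """Return {filename: (hexdigest, size)} for one Checksums-* field.

    The field's values are the indented continuation lines that follow the
    'Field:' line; the field ends at the first line without a leading space.
    """
    entries = {}
    in_field = False
    for line in changes_text.splitlines():
        if not in_field:
            if line.rstrip() == field + ":":
                in_field = True
            continue
        if not line.startswith(" "):
            break  # next field (e.g. Files:) reached
        parts = line.split()
        if len(parts) != 3:
            raise ValueError("malformed checksum line: %r" % line)
        digest, size, name = parts
        entries[name] = (digest.lower(), int(size))
    if not in_field:
        raise ValueError("field %s not found" % field)
    return entries


def verify_files(entries, directory):
    """Check size and SHA-256 of every listed file; return {name: status}."""
    results = {}
    for name, (expected_digest, expected_size) in entries.items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "missing"
            continue
        if os.path.getsize(path) != expected_size:
            results[name] = "size-mismatch"
            continue
        h = hashlib.sha256()
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                h.update(chunk)
        results[name] = "ok" if h.hexdigest() == expected_digest else "digest-mismatch"
    return results


def demo(tamper=False):
    """Write two constructed files, build the sample .changes text, verify them.

    With tamper=True the tarball is rewritten with the same length but
    different bytes, so the size check passes and the digest check fails.
    """
    dsc = b"Format: 3.0 (quilt)\nSource: example\n"
    tar = b"constructed tarball bytes, not a real archive\n"
    text = SAMPLE_CHANGES.format(
        hash_dsc=hashlib.sha256(dsc).hexdigest(), size_dsc=len(dsc),
        hash_tar=hashlib.sha256(tar).hexdigest(), size_tar=len(tar))
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "example_1.0-1.dsc"), "wb") as fh:
            fh.write(dsc)
        with open(os.path.join(d, "example_1.0.orig.tar.gz"), "wb") as fh:
            fh.write(tar.replace(b"not", b"NOT") if tamper else tar)
        return verify_files(parse_checksums(text), d)


if __name__ == "__main__":
    print(demo())
    print(demo(tamper=True))
```

Note that a matching digest only ties the file to this .changes text; the text itself is trusted only after its PGP signature is verified against the uploader's key, which is why the signature block is kept with the message.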