ALAS-2013-222


Amazon Linux AMI Security Advisory: ALAS-2013-222
Advisory Release Date: 2014-09-15 23:22 Pacific
Severity: Medium

Issue Overview:

(1) snmp.php and (2) rrd.php in Cacti before 0.8.8b allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.

Multiple SQL injection vulnerabilities in (1) api_poller.php and (2) utility.php in Cacti before 0.8.8b allow remote attackers to execute arbitrary SQL commands via unspecified vectors.


Affected Packages:

cacti


Issue Correction:
Run yum update cacti to update your system.

New Packages:
noarch:
    cacti-0.8.8b-2.10.amzn1.noarch

src:
    cacti-0.8.8b-2.10.amzn1.src