870821 – (CVE-2014-2326) VUL-0: CVE-2014-2326: cacti: xss attacjs ub 0.8.7g

Bug 870821 (CVE-2014-2326) - VUL-0: CVE-2014-2326: cacti: xss attacjs ub 0.8.7g

Summary: VUL-0: CVE-2014-2326: cacti: xss attacjs ub 0.8.7g

Status:	RESOLVED FIXED

Alias:	CVE-2014-2326

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other openSUSE 12.3

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Aeneas Jaißle
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/97398/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2014-03-28 10:23 UTC by Marcus Meissner
Modified:	2018-08-03 22:11 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2014-03-28 10:23:36 UTC

CVE-2014-2326

Cross-site scripting (XSS) vulnerability in Cacti 0.8.7g allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2326
http://www.cvedetails.com/cve/CVE-2014-2326/
http://packetstormsecurity.com/files/125849/Deutsche-Telekom-CERT-Advisory-DTC-A-20140324-001.html 
http://www.securityfocus.com/bid/66390

Comment 1 Swamp Workflow Management 2014-03-28 23:00:13 UTC

bugbot adjusting priority

Comment 2 Aeneas Jaißle 2014-04-13 20:38:50 UTC

Patch found here [1] fixes the issues. I'm preparing an update atm.

[1] http://www.cacti.net/download_patches.php?version=0.8.8b

Comment 3 Aeneas Jaißle 2014-04-13 21:33:35 UTC

https://build.opensuse.org/project/show/home:aeneas_jaissle:branches:OBS_Maintained:cacti

Comment 4 Marcus Meissner 2014-04-16 16:11:47 UTC

feel free to submit the sr

Comment 5 Aeneas Jaißle 2014-04-17 08:49:33 UTC

SR#230430

Comment 6 Swamp Workflow Management 2014-05-02 13:07:54 UTC

openSUSE-SU-2014:0600-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 837440,870821,872008
CVE References: CVE-2013-5588,CVE-2013-5589,CVE-2014-2326,CVE-2014-2328,CVE-2014-2708,CVE-2014-2709
Sources used:
openSUSE 13.1 (src):    cacti-0.8.8b-4.1
openSUSE 12.3 (src):    cacti-0.8.8b-5.8.1, cacti-spine-0.8.8b-4.4.1

Comment 7 Alexander Bergmann 2014-05-02 17:07:18 UTC

Fixed and released. Closing bug.

Comment 8 Swamp Workflow Management 2018-07-28 18:11:08 UTC

This is an autogenerated message for OBS integration:
This bug (870821) was mentioned in
https://build.opensuse.org/request/show/625957 Backports:SLE-12 / cacti

Comment 9 Swamp Workflow Management 2018-08-03 22:11:47 UTC

openSUSE-OU-2018:2194-1: An update that fixes 33 vulnerabilities is now available.

Category: optional (low)
Bug References: 022564,1047512,1048102,1050950,1051633,1054390,1054742,1067163,1067164,1067166,1068028,1101024,1101139,837440,862993,867607,870821,872008,934187,937997,958863,958977,960678,965930,971357,974013
CVE References: CVE-2006-6799,CVE-2007-3112,CVE-2007-3113,CVE-2013-5588,CVE-2013-5589,CVE-2014-2326,CVE-2014-2327,CVE-2014-2328,CVE-2014-2708,CVE-2014-2709,CVE-2014-4000,CVE-2014-4002,CVE-2014-5025,CVE-2014-5026,CVE-2015-4342,CVE-2015-4634,CVE-2015-8369,CVE-2015-8377,CVE-2015-8604,CVE-2016-2313,CVE-2016-3172,CVE-2016-3659,CVE-2017-10970,CVE-2017-11163,CVE-2017-11691,CVE-2017-12065,CVE-2017-12927,CVE-2017-12978,CVE-2017-15194,CVE-2017-16641,CVE-2017-16660,CVE-2017-16661,CVE-2017-16785
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    cacti-1.1.38-2.1