607732 – (CVE-2014-4000) <net-analyzer/cacti-1.1.20: Multiple vulnerabilities

Bug 607732 (CVE-2014-4000) - <net-analyzer/cacti-1.1.20: Multiple vulnerabilities

Summary: <net-analyzer/cacti-1.1.20: Multiple vulnerabilities

Status:	RESOLVED FIXED

Alias:	CVE-2014-4000

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	http://www.cacti.net/release_notes_1_...
Whiteboard:	C3 [glsa cve]
Keywords:

Depends on:	CVE-2017-12066
Blocks:
	Show dependency tree

Reported:	2017-01-30 16:41 UTC by ncl
Modified:	2017-11-11 19:58 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description ncl 2017-01-30 16:41:18 UTC

Cacti 1.0.0 has released recently fixing several bugs and at least 2 notable vulnerabilities.

CVE-2014-4000: PHP Object Injection Vulnerabilities
CVE-2016-2313: allows remote authenticated users who use web authentication to bypass intended access


http://www.cacti.net/release_notes_1_0_0.php

Comment 1 Aleksandr Wagner (Kivak) 2017-10-13 23:53:42 UTC

Version 1.1.20 is in the tree and being stabilized in bug 626992.

Comment 2 GLSAMaker/CVETool Bot gentoo-dev

2017-11-11 19:58:37 UTC

This issue was resolved and addressed in
 GLSA 201711-10 at https://security.gentoo.org/glsa/201711-10
by GLSA coordinator Aaron Bauman (b-man).