Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 626828 (CVE-2017-12065)

Summary: <net-analyzer/cacti-1.1.20: Possible code execution via avgnan, outlier-start, or outlier-end parameter
Product: Gentoo Security Reporter: Christopher Díaz Riveros (RETIRED) <chrisadr>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: netmon
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://nvd.nist.gov/vuln/detail/CVE-2017-12065
Whiteboard: C1 [glsa cve]
Package list:
Runtime testing required: ---
Bug Depends on: 626992    
Bug Blocks:    

Description Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-08-01 19:01:29 UTC 
From URL:

Description
spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter.
Comment 1 Aleksandr Wagner (Kivak) 2017-10-13 23:49:44 UTC 
Version 1.1.20 is in the tree and being stabilized in bug 626992.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2017-11-11 19:58:45 UTC 
This issue was resolved and addressed in
 GLSA 201711-10 at https://security.gentoo.org/glsa/201711-10
by GLSA coordinator Aaron Bauman (b-man).