626828 – (CVE-2017-12065) <net-analyzer/cacti-1.1.20: Possible code execution via avgnan, outlier-start, or outlier-end parameter

Bug 626828 (CVE-2017-12065) - <net-analyzer/cacti-1.1.20: Possible code execution via avgnan, outlier-start, or outlier-end parameter

Summary: <net-analyzer/cacti-1.1.20: Possible code execution via avgnan, outlier-start...

Status:	RESOLVED FIXED

Alias:	CVE-2017-12065

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://nvd.nist.gov/vuln/detail/CVE-...
Whiteboard:	C1 [glsa cve]
Keywords:

Depends on:	CVE-2017-12066
Blocks:
	Show dependency tree

Reported:	2017-08-01 19:01 UTC by Christopher Díaz Riveros (RETIRED)
Modified:	2017-11-11 19:58 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Christopher Díaz Riveros (RETIRED) gentoo-dev

2017-08-01 19:01:29 UTC

From URL:

Description
spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter.

Comment 1 Aleksandr Wagner (Kivak) 2017-10-13 23:49:44 UTC

Version 1.1.20 is in the tree and being stabilized in bug 626992.

Comment 2 GLSAMaker/CVETool Bot gentoo-dev

2017-11-11 19:58:45 UTC

This issue was resolved and addressed in
 GLSA 201711-10 at https://security.gentoo.org/glsa/201711-10
by GLSA coordinator Aaron Bauman (b-man).