Support / Security / Advisories / Corporate Server 4.0 / MDKSA-2007:184

Package name: cacti
Date: 2007-09-17
Advisory ID: MDKSA-2007:184
Affected versions: CS4.0 x86_64 , CS4.0 i586

Problem description

A vulnerability in Cacti 0.8.6i and earlier versions allows remote
authenticated users to cause a denial of service (CPU consumption)
via large values of the graph_start, graph_end, graph_height, or
graph_width parameters.

Updated packages have been patched to prevent this issue.

Updated packages

CS4.0 x86_64

 546c9a6b1e489ae63994efe8060f6e7a  corporate/4.0/x86_64/cacti-0.8.6f-3.2.20060mlcs4.noarch.rpm 
 a2a965f19a5e7071c30963026f4841bc  corporate/4.0/SRPMS/cacti-0.8.6f-3.2.20060mlcs4.src.rpm

CS4.0 i586

 0c6f53c1812f0a5e8e5ae5206812dee4  corporate/4.0/i586/cacti-0.8.6f-3.2.20060mlcs4.noarch.rpm 
 a2a965f19a5e7071c30963026f4841bc  corporate/4.0/SRPMS/cacti-0.8.6f-3.2.20060mlcs4.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3113