Skip to Content.
Sympa Menu

perfsonar-announce - Notice on Cacti vulnerabilities

Subject: perfSONAR Announcements

List archive

Notice on Cacti vulnerabilities


Chronological Thread 
  • From: Jason Zurawski <>
  • To: "" <>, perfsonar-announce <>
  • Cc: "" <>
  • Subject: Notice on Cacti vulnerabilities
  • Date: Mon, 25 Aug 2014 15:48:49 -0400

Greetings;

Please be aware that there are two recently announced vulnerabilities for the
Cacti product:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5261
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5262

If you are running the most recent version of the perfSONAR Toolkit, please
note that access to Cacti has been restricted to function only for users that
have an account on the system (e.g. no more un-authenciated guest access)
which will mitigate the vulnerabilities above. The upcoming 3.4 release of
perfSONAR will not feature this product in the distribution.

For those looking to completely remove the offending software, remove the
contents of this directory: /opt/perfsonar_ps/toolkit/web/root/admin/cacti

Thanks;

perfSONAR Development Team


  • Notice on Cacti vulnerabilities, Jason Zurawski, 08/25/2014

Archive powered by MHonArc 2.6.16.

Top of Page