perfsonar-announce - Notice on Cacti vulnerabilities
Subject: perfSONAR Announcements
List archive
- From: Jason Zurawski <>
- To: "" <>, perfsonar-announce <>
- Cc: "" <>
- Subject: Notice on Cacti vulnerabilities
- Date: Mon, 25 Aug 2014 15:48:49 -0400
Greetings;
Please be aware that there are two recently announced vulnerabilities for the
Cacti product:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5261
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5262
If you are running the most recent version of the perfSONAR Toolkit, please
note that access to Cacti has been restricted to function only for users that
have an account on the system (e.g. no more un-authenciated guest access)
which will mitigate the vulnerabilities above. The upcoming 3.4 release of
perfSONAR will not feature this product in the distribution.
For those looking to completely remove the offending software, remove the
contents of this directory: /opt/perfsonar_ps/toolkit/web/root/admin/cacti
Thanks;
perfSONAR Development Team
- Notice on Cacti vulnerabilities, Jason Zurawski, 08/25/2014
Archive powered by MHonArc 2.6.16.