GLSA-200604-07 : Cacti: Multiple vulnerabilities in included ADOdb
High Nessus Plugin ID 21231
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-200604-07 (Cacti: Multiple vulnerabilities in included ADOdb)
Several vulnerabilities have been identified in the copy of ADOdb included in Cacti. Andreas Sandblad discovered a dynamic code evaluation vulnerability (CVE-2006-0147) and a potential SQL injection vulnerability (CVE-2006-0146). Andy Staudacher reported another SQL injection vulnerability (CVE-2006-0410), and Gulftech Security discovered multiple cross-site-scripting issues (CVE-2006-0806).
There is no known workaround at this time.
SolutionAll Cacti users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=net-analyzer/cacti-0.8.6h_p20060108-r2'