ALAS-2013-222

Amazon Linux 1 (EOL) Security Advisory: ALAS-2013-222
Advisory Released Date: 2013-09-04
Advisory Updated Date: 2014-09-15

Severity: Medium

References: CVE-2013-1434 CVE-2013-1435
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

(1) snmp.php and (2) rrd.php in Cacti before 0.8.8b allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.

Multiple SQL injection vulnerabilities in (1) api_poller.php and (2) utility.php in Cacti before 0.8.8b allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

Affected Packages:

cacti

Issue Correction:
Run yum update cacti to update your system.

New Packages:

noarch:
    cacti-0.8.8b-2.10.amzn1.noarch

src:
    cacti-0.8.8b-2.10.amzn1.src

Additional References

Red Hat: CVE-2013-1434, CVE-2013-1435

Mitre: CVE-2013-1434, CVE-2013-1435