Debian Security Updates Patch Cacti Vulnerabilities
Multiple security vulnerabilities were discovered in Cacti, a widely used web interface for monitoring system graphs. These vulnerabilities, if exploited, could lead to severe consequences such as cross-site scripting (XSS), SQL injection, or command injection. In response, the Debian security team has promptly released security updates to mitigate these vulnerabilities in Debian 11 “Bullseye” and Debian 12 “Bookworm” releases.
Let’s delve into the specifics of these vulnerabilities and the corresponding fixes:
Cacti Vulnerabilities Fixed in Debian 11 and Debian 12
CVE-2023-39360
This vulnerability is a Stored Cross-Site Scripting (XSS) flaw that allows authenticated users to manipulate data. By bypassing certain validations and exploiting the returnto parameter in graphs_new.php, attackers can poison data, potentially compromising the integrity of the system.
CVE-2023-39513
Another XSS vulnerability, this time affecting data stored in the Cacti database. By injecting malicious code into data-query templates, attackers can execute JavaScript code in the victim’s browser, posing a significant threat to system security.
CVE-2023-49084
This vulnerability exposes Cacti to SQL injection attacks due to insufficient processing of include file paths. Authorized users could exploit this vulnerability in link.php, potentially leading to the execution of arbitrary code on the server.
CVE-2023-49085
In versions prior to 1.2.25, an SQL injection vulnerability exists in pollers.php, allowing authorized users to execute arbitrary SQL code, posing a serious risk to data integrity.
CVE-2023-49086
Exploiting a bypass of an earlier fix (CVE-2023-39360), attackers can launch a DOM XSS attack via graphs_new.php, potentially executing arbitrary JavaScript code in the victim’s browser.
CVE-2023-49088
Despite an attempted fix for CVE-2023-39515, an incomplete patch in version 1.2.25 enables adversaries to execute malicious code via data_debug.php, posing a threat to users with specific permissions.
CVE-2023-50250
This vulnerability enables reflected XSS attacks via templates_import.php, potentially allowing attackers to impersonate users and perform unauthorized actions.
CVE-2023-50569
A Reflected Cross-Site Scripting (XSS) vulnerability in Cacti v1.2.25 allows remote attackers to escalate privileges when uploading an XML template file via templates_import.php.
Mitigation Efforts
To address these Cacti vulnerabilities, Debian has released fixes for both the oldstable (Bullseye) and stable (Bookworm) distributions. Users are strongly advised to upgrade their Cacti packages to the patched versions (1.2.16+ds1-2+deb11u3 for Bullseye and 1.2.24+ds1-1+deb12u2 for Bookworm) to mitigate the risk of exploitation.
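Because Debian backports the fixes into its own package versions (the Bookworm fix is 1.2.24+ds1-1+deb12u2, not upstream 1.2.25), the right check is to compare the installed package version against the DSA's fixed version using Debian's version-ordering rules, not plain string comparison. The following is an added example, not code from the article or from Debian: a Python port of dpkg's verrevcmp() ordering, with the fixed versions above in a FIXED_CACTI_VERSIONS table of my own; the installed version would in practice come from `dpkg-query -W -f='${Version}' cacti`.

```python
import re

# Fixed Debian package versions from DSA 5646-1, as quoted in the article above.
FIXED_CACTI_VERSIONS = {
    "bullseye": "1.2.16+ds1-2+deb11u3",
    "bookworm": "1.2.24+ds1-1+deb12u2",
}

def _order(c: str) -> int:
    # dpkg character weight: '~' < end-of-string and digits (0) < letters < other symbols.
    if c == "~":
        return -1
    return 0 if c.isdigit() else ord(c) if c.isalpha() else ord(c) + 256

def _verrevcmp(a: str, b: str) -> int:
    # Port of dpkg's verrevcmp(): alternate between non-digit runs (weighted by _order)
    # and digit runs (compared numerically, so leading zeros are ignored).
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i, j = i + 1, j + 1
        da = re.match(r"\d*", a[i:]).group()
        db = re.match(r"\d*", b[j:]).group()
        i, j = i + len(da), j + len(db)
        if int(da or "0") != int(db or "0"):
            return int(da or "0") - int(db or "0")
    return 0

def compare_deb_versions(v1: str, v2: str) -> int:
    # Negative, zero or positive for v1 <, == or > v2 under the Debian policy
    # format [epoch:]upstream_version[-debian_revision].
    def split(v: str):
        epoch, sep, rest = v.partition(":")
        if not sep:
            epoch, rest = "0", v
        upstream, sep, revision = rest.rpartition("-")
        if not sep:
            upstream, revision = rest, ""
        return int(epoch), upstream, revision
    e1, u1, r1 = split(v1)
    e2, u2, r2 = split(v2)
    return (e1 - e2) or _verrevcmp(u1, u2) or _verrevcmp(r1, r2)

def cacti_is_patched(installed: str, suite: str) -> bool:
    # True when the installed cacti package is at or above the DSA's fixed version.
    return compare_deb_versions(installed, FIXED_CACTI_VERSIONS[suite]) >= 0
```

A version such as 1.2.16+ds1-2+deb11u2 on Bullseye is reported as unpatched, while the previous security upload's successor 1.2.16+ds1-2+deb11u3 passes; the same comparison handles epochs, `~` pre-release suffixes and multi-digit components that a string comparison would misorder.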
To ensure the maximum protection of the Debian system, users can leverage the KernelCare live patching solution for automated vulnerability patching without needing to reboot the system or schedule downtime. KernelCare offers live patching for all popular Linux distributions, including Debian, Ubuntu, AlmaLinux, CentOS, Rocky Linux, RHEL, Oracle Linux, CloudLinux, Amazon Linux, and more.
To learn more about live patching strategy and modernizing your Linux patching approach, send patching-related questions to a TuxCare security expert.
Source: DSA 5646-1