Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2016-2313

auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database.

Related bugs and status

CVE-2016-2313 (Candidate) is related to these bugs:

Bug #1663891: Security uploads for cacti (trusty and xenial)

		In	Importance	Status
1663891	Security uploads for cacti (trusty and xenial)	cacti (Ubuntu)	Medium	Fix Released
1663891	Security uploads for cacti (trusty and xenial)	cacti (Ubuntu Xenial)	Medium	Fix Released
1663891	Security uploads for cacti (trusty and xenial)	cacti (Ubuntu Trusty)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://bugs.cacti.net/...
CONFIRM: http://www.cacti.net/r...
SUSE: openSUSE-SU-2016:0437
SUSE: openSUSE-SU-2016:0438
SUSE: openSUSE-SU-2016:0440
GENTOO: GLSA-201607-05
SECTRACK: 1037745
GENTOO: GLSA-201711-10