=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2009/VULN480
_____________________________________________________________________

DATE                      : 25/11/2009

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Cacti versions up to and including 0.8.7e.

======================================================================
http://www.cacti.net/download_patches.php
______________________________________________________________________

Download Official Patches [0.8.7e]

Patches will be listed here for any bug that has been discovered in a
current version of Cacti.

Installation Instructions

Execute the following commands to install all of these patches against
Cacti version 0.8.7e. Be sure that you are in your Cacti directory when
you execute these commands.

wget http://www.cacti.net/downloads/patches/0.8.7e/cli_add_graph.patch
wget http://www.cacti.net/downloads/patches/0.8.7e/snmp_invalid_response.patch
wget http://www.cacti.net/downloads/patches/0.8.7e/template_duplication.patch
wget http://www.cacti.net/downloads/patches/0.8.7e/fix_icmp_on_windows_iis_servers.patch
wget http://www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch
patch -p1 -N < cli_add_graph.patch
patch -p1 -N < snmp_invalid_response.patch
patch -p1 -N < template_duplication.patch
patch -p1 -N < fix_icmp_on_windows_iis_servers.patch
patch -p1 -N < cross_site_fix.patch

List of Patches


Command Line Add Graphs Syntax 	2009/08/18
Fixes command line syntax help in cli/add_graph.php

SNMP Invalid Responses 	2009/08/18
Properly rejects invalid responses from snmp

Template Import/Export Duplication 	2009/08/18
Addresses issue when templates are duplicated and then exported.
A new command line utility has been added to repair any corrupted templates.

Windows IIS Ping Issue 	2009/09/26
Fixes issue with ICMP ping when running Cacti on Windows IIS

Cross-Site Scripting Fixes 	2009/11/21
Addresses cross-site scripting issues reported by Moritz Naumann

Old Versions

Select a version below to download patches for an older version of Cacti.

======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================