Executive Summary

This Alert is flagged as a CWE/SANS TOP 25 Common Weakness Enumeration (see the CWE section below).
Summary

Title: Cacti: Multiple vulnerabilities

Information

Name: GLSA-201401-20
Vendor: Gentoo
Severity (Vendor): High
First vendor publication: 2014-01-21
Last vendor modification: 2014-01-21
Revision: N/A

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: N/A
Base score: N/A            Environmental score: N/A
Impact subscore: N/A       Temporal score: N/A
Exploitability subscore: N/A

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS base score: 7.5       Attack range: Network
CVSS impact score: 6.4     Attack complexity: Low
CVSS exploit score: 10     Authentication: None required

Detail

Synopsis

Multiple vulnerabilities have been found in Cacti, allowing attackers to execute arbitrary code or perform XSS attacks.

Background

Cacti is a complete network graphing solution designed to harness the power of RRDTool's data storage and graphing functionality.

Description

Multiple vulnerabilities have been discovered in Cacti. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could execute arbitrary SQL commands via specially crafted parameters, execute arbitrary shell commands on the Cacti host, or inject malicious script code into pages viewed by other users.

Workaround

There is no known workaround at this time.

Resolution

All Cacti users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/cacti-0.8.8b"

References

[ 1 ] CVE-2010-1644 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1644
[ 2 ] CVE-2010-1645 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1645
[ 3 ] CVE-2010-2092 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2092
[ 4 ] CVE-2010-2543 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2543
[ 5 ] CVE-2010-2544 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2544
[ 6 ] CVE-2010-2545 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2545
[ 7 ] CVE-2013-1434 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1434
[ 8 ] CVE-2013-1435 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1435

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201401-20.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201401-20.xml

CWE : Common Weakness Enumeration

%      Id       Name
50 %   CWE-79   Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
25 %   CWE-89   Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25)
12 %   CWE-94   Failure to Control Generation of Code ('Code Injection')
12 %   CWE-20   Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11696
Title: DSA-2060 cacti -- insufficient input sanitisation
Description: Stefan Esser discovered that cacti, a front-end to rrdtool for monitoring systems and services, is not properly validating input passed to the rra_id parameter of the graph.php script. Due to checking the input of $_REQUEST but using $_GET input in a query an unauthenticated attacker is able to perform SQL injections via a crafted rra_id $_GET value and an additional valid rra_id $_POST or $_COOKIE value.
Family: unix Class: patch
Reference(s): DSA-2060
CVE-2010-2092
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): cacti

Definition Id: oval:org.mitre.oval:def:13352
Title: DSA-2060-1 cacti -- insufficient input sanitisation
Description: Stefan Esser discovered that cacti, a front-end to rrdtool for monitoring systems and services, is not properly validating input passed to the rra_id parameter of the graph.php script. Due to checking the input of $_REQUEST but using $_GET input in a query an unauthenticated attacker is able to perform SQL injections via a crafted rra_id $_GET value and an additional valid rra_id $_POST or $_COOKIE value. For the stable distribution, this problem has been fixed in version 0.8.7b-2.1+lenny3. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 0.8.7e-4. We recommend that you upgrade your cacti packages.
Family: unix Class: patch
Reference(s): DSA-2060-1
CVE-2010-2092
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): cacti

Definition Id: oval:org.mitre.oval:def:19881
Title: DSA-2739-1 cacti - several
Description: Two security issues (SQL injection and command line injection via SNMP settings) were found in Cacti, a web interface for graphing of monitoring systems.
Family: unix Class: patch
Reference(s): DSA-2739-1
CVE-2013-1434
CVE-2013-1435
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/Linux 7
Debian GNU/kFreeBSD 6.0
Debian GNU/kFreeBSD 7
Product(s): cacti
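The DSA-2060 text above describes the CVE-2010-2092 flaw precisely: graph.php validated the rra_id value found in $_REQUEST but used the one from $_GET in the query. The following Python model is an added illustration, not Cacti's code: it emulates how PHP assembles $_REQUEST from $_GET, $_POST and $_COOKIE (later sources overwrite earlier ones for the same key, so a valid integer posted or sent as a cookie shadows a crafted query-string value), shows the check/use mismatch, and contrasts it with a form that reads one source, casts strictly and binds the value. The function names, the table name and the SQL shape are assumptions made for the example; the sample request is constructed.

```python
"""
Model of the rra_id check/use mismatch described in the DSA-2060 text
(CVE-2010-2092). Added illustration, not Cacti's code.

PHP builds $_REQUEST by merging $_GET, $_POST and $_COOKIE in the order given
by request_order; with the built-in default (variables_order "EGPCS",
request_order unset) that is GET, then POST, then COOKIE, and a later source
wins for a key present in several of them. php.ini-production narrows
request_order to "GP", which drops the cookie path but keeps the POST path.
Function names and the SQL shape are assumptions for this example.
"""
import re

# Order in which PHP merges the input arrays into $_REQUEST (later wins).
REQUEST_ORDER = ("GET", "POST", "COOKIE")


def build_request(get: dict, post: dict, cookie: dict) -> dict:
    """Emulate how PHP assembles $_REQUEST from the three input arrays."""
    sources = {"GET": get, "POST": post, "COOKIE": cookie}
    merged: dict = {}
    for name in REQUEST_ORDER:
        merged.update(sources[name])
    return merged


def is_numeric(value) -> bool:
    """Rough stand-in for PHP's is_numeric(): optional sign, decimal, exponent."""
    if value is None:
        return False
    return re.fullmatch(r"\s*[+-]?(\d+\.?\d*|\.\d+)([eE][+-]?\d+)?", str(value)) is not None


def vulnerable_graph_query(get: dict, post: dict, cookie: dict) -> str:
    """Validates one superglobal, queries with another: the flaw in the advisory."""
    request = build_request(get, post, cookie)
    if not is_numeric(request.get("rra_id")):
        raise ValueError("invalid rra_id")
    # The check above saw the POST/COOKIE copy; the GET copy is what reaches SQL.
    rra_id = get.get("rra_id")
    return f"SELECT * FROM rra WHERE id={rra_id}"


def safe_graph_query(get: dict, _post: dict, _cookie: dict) -> tuple:
    """Hardened form: read one source, cast strictly, bind the value as a parameter."""
    raw = get.get("rra_id")
    if raw is None or not re.fullmatch(r"\d{1,10}", str(raw)):
        raise ValueError("invalid rra_id")
    # Returned as (sql, params) the way a DB-API driver would bind it.
    return ("SELECT * FROM rra WHERE id=%s", (int(raw),))


if __name__ == "__main__":
    # Constructed request: a valid id in a cookie, the payload in the query string.
    get = {"rra_id": "1 OR 1=1"}
    cookie = {"rra_id": "1"}
    print(vulnerable_graph_query(get, {}, cookie))   # payload survives the check
    try:
        safe_graph_query(get, {}, cookie)
    except ValueError as exc:
        print("rejected:", exc)
```

The general lesson is the one the Debian text states: validate the same variable you use, and never let an untrusted string reach the query text at all. Running the block shows the crafted value passing the is_numeric check because the cookie copy is what $_REQUEST exposes.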

CPE : Common Platform Enumeration

Type          Count
Application   46

OpenVAS Exploits

Date Description
2012-02-12 Name : Debian Security Advisory DSA 2384-2 (cacti)
File : nvt/deb_2384_2.nasl
2012-02-11 Name : Debian Security Advisory DSA 2384-1 (cacti)
File : nvt/deb_2384_1.nasl
2010-08-30 Name : Cacti Cross Site Scripting and HTML Injection Vulnerabilities
File : nvt/gb_cacti_42575.nasl
2010-08-30 Name : Mandriva Update for cacti MDVSA-2010:160 (cacti)
File : nvt/gb_mandriva_MDVSA_2010_160.nasl
2010-07-06 Name : Debian Security Advisory DSA 2060-1 (cacti)
File : nvt/deb_2060_1.nasl
2010-06-18 Name : Mandriva Update for cacti MDVSA-2010:117 (cacti)
File : nvt/gb_mandriva_MDVSA_2010_117.nasl
2010-05-25 Name : Cacti Multiple Cross Site Scripting Vulnerabilities
File : nvt/gb_cacti_40332.nasl
2010-05-14 Name : Cacti 'rra_id' Parameter SQL Injection Vulnerability
File : nvt/gb_cacti_40149.nasl
2010-04-16 Name : Mandriva Update for flashplayer MDVA-2010:117 (flashplayer)
File : nvt/gb_mandriva_MDVA_2010_117.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
67529 Cacti user_admin.php Unspecified Parameter XSS

67528 Cacti tree.php Unspecified Parameter XSS

67527 Cacti rra.php Unspecified Parameter XSS

67526 Cacti lib/rrd.php Unspecified Parameter XSS

67525 Cacti lib/html_tree.php Unspecified Parameter XSS

67524 Cacti lib/html.php Unspecified Parameter XSS

67523 Cacti lib/html_form_template.php Unspecified Parameter XSS

67522 Cacti lib/html_form.php Unspecified Parameter XSS

67521 Cacti lib/functions.php Unspecified Parameter XSS

67520 Cacti host_templates.php Unspecified Parameter XSS

67519 Cacti host.php Unspecified Parameter XSS

67518 Cacti graph_view.php Unspecified Parameter XSS

67517 Cacti graph_templates.php Unspecified Parameter XSS

67516 Cacti graph_templates_items.php Unspecified Parameter XSS

67515 Cacti graph_templates_inputs.php Unspecified Parameter XSS

67514 Cacti graphs.php Unspecified Parameter XSS

67513 Cacti graphs_new.php Unspecified Parameter XSS

67512 Cacti graph.php Unspecified Parameter XSS

67511 Cacti gprint_presets.php Unspecified Parameter XSS

67510 Cacti data_templates.php Unspecified Parameter XSS

67509 Cacti data_sources.php Unspecified Parameter XSS

67508 Cacti data_queries.php Unspecified Parameter XSS

67507 Cacti data_input.php Unspecified Parameter XSS

67506 Cacti cdef.php Unspecified Parameter XSS

67505 Cacti templates_import.php XML Template name Element XSS

67412 Cacti on Red Hat High Performance Computing (HPC) utilities.php filter Parame...

67369 Cacti data_sources.php host_id Parameter XSS

Cacti contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'host_id' parameter upon submission to the 'data_sources.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
65014 Cacti host.php Multiple Parameter XSS

Cacti contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'hostname' and 'description' parameters upon submission to the 'host.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
64964 Cacti graph.php rra_id Parameter SQL Injection

Cacti contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'graph.php' script not properly sanitizing user-supplied input to the 'rra_id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
63972 Cacti Multiple Function Hostname Editing Arbitrary Shell Command Execution

Cacti contains a flaw that may allow an attacker to execute arbitrary commands. The issue is triggered when a device or a graph template with a specially crafted hostname is created in the management interface.
60566 Cacti graph.php Multiple Parameter XSS

Cacti contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'graph_start' and 'graph_end' parameters upon submission to the graph.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
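OSVDB 63972 above (and the DSA-2739 "command line injection via SNMP settings" in the OVAL section) describe the same class: a hostname or SNMP setting entered in the management interface ends up inside a shell command line. The Python block below is an added illustration of that class, not Cacti's code: it contrasts a command built by string concatenation, where a ';' in the hostname becomes a command separator once a shell parses the line, with an allow-list hostname check followed by an argv list that is handed to exec without a shell. The snmpget command layout and the function names are assumptions for the example; the crafted hostname is constructed.

```python
"""
Added illustration of the hostname/SNMP-setting command-injection class
(OSVDB 63972, DSA-2739). Not Cacti's code; the snmpget command layout and
the function names are assumptions for this example.
"""
import re
import shlex

# RFC 1123 label: alphanumerics and hyphens, 1-63 chars, no leading/trailing hyphen.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"(?:{_LABEL}\.)*{_LABEL}\.?")
IPV4_RE = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")


def is_valid_host(value: str) -> bool:
    """Allow-list check: a DNS name or a dotted-quad IPv4 address, nothing else."""
    if not value or len(value) > 253:
        return False
    if IPV4_RE.fullmatch(value):
        return all(int(octet) <= 255 for octet in value.split("."))
    return HOSTNAME_RE.fullmatch(value) is not None


def vulnerable_command(hostname: str, community: str = "public") -> str:
    """Command line built by concatenation and meant for a shell (system(),
    popen(), shell=True): every shell metacharacter in hostname stays live."""
    return f"snmpget -v2c -c {community} {hostname} sysDescr.0"


def shell_tokens(command: str) -> list:
    """Tokenise the way a POSIX shell would, so a ';' inside the hostname shows
    up as a separate command separator rather than as part of the host argument."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    return list(lexer)


def safe_argv(hostname: str, community: str = "public") -> list:
    """Validate against the allow-list, then give each value its own argv element
    (subprocess.run(argv) with no shell), so nothing is re-parsed on the way out."""
    if not is_valid_host(hostname):
        raise ValueError(f"rejected hostname: {hostname!r}")
    return ["snmpget", "-v2c", "-c", community, hostname, "sysDescr.0"]


if __name__ == "__main__":
    crafted = "10.0.0.1;id"            # constructed hostname carrying a second command
    print(shell_tokens(vulnerable_command(crafted)))
    try:
        safe_argv(crafted)
    except ValueError as exc:
        print(exc)
    print(safe_argv("router1.example.net"))
```

The argv form protects the community string as well as the hostname, since neither is re-parsed by a shell; the allow-list check is still worth keeping so that a crafted value is rejected at input time and logged, rather than silently passed to the SNMP tool as a literal argument.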

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-664.nasl - Type : ACT_GATHER_INFO
2014-01-22 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201401-20.nasl - Type : ACT_GATHER_INFO
2013-10-01 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-222.nasl - Type : ACT_GATHER_INFO
2013-08-30 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_b3b8d4910fbb11e38c501c6f65c11ee6.nasl - Type : ACT_GATHER_INFO
2013-08-22 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2739.nasl - Type : ACT_GATHER_INFO
2013-08-20 Name : The remote Fedora host is missing a security update.
File : fedora_2013-14454.nasl - Type : ACT_GATHER_INFO
2013-08-20 Name : The remote Fedora host is missing a security update.
File : fedora_2013-14463.nasl - Type : ACT_GATHER_INFO
2013-08-12 Name : The remote web server is running a PHP application that is affected by comman...
File : cacti_088b.nasl - Type : ACT_GATHER_INFO
2012-01-20 Name : The remote web server is running a PHP application that is affected by multip...
File : cacti_087g.nasl - Type : ACT_GATHER_INFO
2012-01-12 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2384.nasl - Type : ACT_GATHER_INFO
2010-06-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2060.nasl - Type : ACT_GATHER_INFO
2010-05-04 Name : The remote web server is running a PHP application that is affected by multip...
File : cacti_087e.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1954.nasl - Type : ACT_GATHER_INFO

Alert History

Date                 Information
2014-02-17 11:38:04  Multiple updates
2014-01-21 21:19:41  First insertion