VID | 210028
Severity | 40
Port | 80, ...
Protocol | TCP
Class | CGI
Detailed Description |
Cacti is vulnerable to arbitrary command execution through its cmd.php script. Cacti is a web-based front end to RRDTool (Round Robin Database tool) for network graphing, written in PHP. cmd.php is Cacti's poller script: it is meant to be run from the command line and takes its parameters from PHP's argv. When the PHP option register_argc_argv is enabled, a web request to cmd.php causes PHP to fill $_SERVER['argv'] from the query string (split on '+'), so the script's second and third arguments become attacker-controlled. Cacti versions 0.8.6i and earlier place those arguments into SQL queries without validation, allowing a remote attacker to execute arbitrary SQL commands. By sending specially crafted SQL statements in the second or third argument to cmd.php, a remote attacker can launch SQL injection attacks against the underlying database and, through the poller's handling of the injected rows, execute arbitrary commands on the affected host with the privileges of the web server. The vulnerability is only reachable when cmd.php is served over the web and register_argc_argv is on.
* References: http://forums.cacti.net/about18846.html http://bugs.cacti.net/view.php?id=883 http://milw0rm.com/exploits/3029 http://www.frsirt.com/english/advisories/2006/5193 http://securitytracker.com/id?1017451 http://secunia.com/advisories/23528
* Platforms Affected: The Cacti Group, Cacti versions 0.8.6i and earlier; any operating system, any version |
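The following is an added example written for this entry; it is not Cacti code and is not taken from the references above. It models, in Python, the mechanism the description relies on and the affected-version test a scanner applies: php_web_argv() reproduces how PHP fills $_SERVER['argv'] from the raw query string when register_argc_argv is on (split on '+', no URL decoding, no script name prepended, as in PHP's php_build_argv); check_poller_args() flags a second or third argument that is not a plain integer, which is the validation the vulnerable script lacked; is_affected() compares a Cacti version string against the 0.8.6i threshold stated above. The request strings are constructed for illustration and the function names are this example's own.

```python
from __future__ import annotations

import re

# Threshold taken from this entry: 0.8.6i and every earlier release are affected.
LAST_AFFECTED = "0.8.6i"


def php_web_argv(query_string: str) -> list[str]:
    """Model of PHP's $_SERVER['argv'] for a web request with register_argc_argv on.

    PHP splits the raw QUERY_STRING on '+'; it does not URL-decode the pieces and
    does not prepend the script name, so argv[0] is simply the first token.
    An empty query string yields an empty argv.
    """
    if query_string == "":
        return []
    return query_string.split("+")


# A plain non-negative integer is the only shape an id argument should have.
_PLAIN_INT = re.compile(r"^[0-9]+$")


def check_poller_args(argv: list[str]) -> list[int]:
    """Return the argv indexes (1 and/or 2, the entry's 'second or third
    arguments') whose value is not a plain integer. An empty list means the
    present arguments are safe to embed in a numeric SQL comparison.
    Absent arguments are not reported."""
    return [i for i in (1, 2) if i < len(argv) and not _PLAIN_INT.match(argv[i])]


# Cacti versions look like 0.8.6 or 0.8.6i: dotted integers, optional letter suffix.
_VERSION = re.compile(r"^(\d+(?:\.\d+)*)([a-z]?)$")


def parse_cacti_version(version: str) -> tuple[tuple[int, ...], str]:
    """Split '0.8.6i' into ((0, 8, 6), 'i'); raise ValueError on other shapes."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Cacti version: {version!r}")
    return tuple(int(p) for p in m.group(1).split(".")), m.group(2)


def is_affected(version: str, last_affected: str = LAST_AFFECTED) -> bool:
    """True when `version` is at or below the last affected release.

    Numeric parts are compared first (padded with zeros to equal length); the
    letter suffix decides ties, with no letter sorting before 'a'. This follows
    the order Cacti used for its point releases (0.8.6, 0.8.6a, ..., 0.8.6j, 0.8.7).
    """
    nums, letter = parse_cacti_version(version)
    ref_nums, ref_letter = parse_cacti_version(last_affected)
    width = max(len(nums), len(ref_nums))
    nums += (0,) * (width - len(nums))
    ref_nums += (0,) * (width - len(ref_nums))
    return (nums, letter) <= (ref_nums, ref_letter)


if __name__ == "__main__":
    # Constructed query strings, not captured traffic. The second one carries
    # SQL in the third argument; '/**/' stands in for spaces because PHP does
    # not decode '%20' when building argv from the query string.
    for qs in ("1+1+1", "1+1+1/**/union/**/select/**/1,2,3"):
        argv = php_web_argv(qs)
        print(f"{qs!r} -> argv={argv} suspicious indexes={check_poller_args(argv)}")
    for v in ("0.8.5d", "0.8.6", "0.8.6i", "0.8.6j", "0.8.7"):
        print(v, "affected" if is_affected(v) else "not affected")
```

The argument check is the web-facing half of the fix a practitioner would verify: a cmd.php that either refuses non-CLI invocation or rejects non-integer id arguments is not exploitable by this route, while the version test tells you whether the installed release is one the entry covers.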
Recommendation |
For OpenPKG: Apply the appropriate OpenPKG cacti package, as listed in OpenPKG Security Advisory OpenPKG-SA-2007.001 at http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.001.html
For other distributions: No upgrade or patch available as of January 2007.
Upgrade to a version of Cacti later than 0.8.6i when a fixed version becomes available from the Cacti Download Web page at http://www.cacti.net/download_cacti.php. Until then, remove the precondition described above: disable register_argc_argv in php.ini, or block web access to cmd.php, which only needs to be run by the poller from the command line. |
Related URL | CVE-2006-6799 (CVE)
Related URL | 21799 (SecurityFocus)
Related URL | 31177 (ISS)