VID | 21675
Severity | 40
Port | 80, ...
Protocol | TCP
Class | CGI
Detailed Description |
A version of Cacti older than 0.8.6f appears to be running on the host. Cacti is a web-based frontend to RRDTool (Round Robin Database tool) for network graphing, written in PHP. Cacti versions prior to 0.8.6f are affected by the following two vulnerabilities:
1) Input passed to the "no_http_headers" parameter is not properly verified before being used. This can be exploited to overwrite session structures and bypass certain filtering mechanisms; successful exploitation allows an attacker to gain administrative privileges and perform SQL injection attacks. Exploitation of this issue requires that the PHP "register_globals" setting is enabled.
2) An error in the administrative interface can be exploited to inject arbitrary shell commands by manipulating the configured path to "rrdtool".
* References: http://www.hardened-php.net/advisory-032005.php http://www.hardened-php.net/advisory-042005.php http://www.hardened-php.net/advisory-052005.php http://secunia.com/advisories/15908/
* Platforms Affected: Cacti versions prior to 0.8.6f; Linux (any version); Unix (any version) |
Recommendation |
Upgrade to the latest version of Cacti (0.8.6f or later), available from the Cacti Download Web page at http://www.cacti.net/download_cacti.php |
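The detection this entry describes is a version comparison against 0.8.6f. The following Python helper is added here as an illustrative example; it is not the scanner's own check and not Cacti code. It parses a Cacti version string of the form used above (dotted numeric components plus an optional trailing letter, e.g. 0.8.6e) and reports whether it falls below the fixed release, so that 0.8.6 sorts before 0.8.6a and 0.8.6f sorts after 0.8.6e but before 0.8.7. The sample banner text and the `extract_version` regex are assumptions constructed for the example and do not claim to match Cacti's actual page markup.

```python
import re

# Fixed release named in this entry; everything that sorts below it is affected.
FIXED_VERSION = "0.8.6f"

# Dotted numeric components followed by an optional single lower-case letter.
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)([a-z])?$")


def parse_cacti_version(version: str) -> tuple:
    """Turn '0.8.6e' into a sortable key: four numeric parts plus a letter rank.

    A missing letter ranks 0, 'a' ranks 1, 'b' ranks 2, ... so that
    0.8.6 < 0.8.6a < ... < 0.8.6f < 0.8.7.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Cacti version string: {version!r}")
    numbers = [int(part) for part in m.group(1).split(".")]
    # Pad (or truncate) to four numeric components so 0.8.6 and 0.8.6.0 compare equal.
    numbers = (numbers + [0, 0, 0, 0])[:4]
    suffix = m.group(2)
    letter_rank = 0 if suffix is None else ord(suffix) - ord("a") + 1
    return tuple(numbers) + (letter_rank,)


def is_affected(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True if the observed version is strictly older than the fixed release."""
    return parse_cacti_version(version) < parse_cacti_version(fixed)


def extract_version(text: str):
    """Pull a 'Version 0.8.6e'-style token out of page text.

    Assumption: the banner contains the word 'Version' followed by the version
    string. This pattern is an assumption for the example, not Cacti's real markup.
    """
    m = re.search(r"\bVersion\s+(\d+(?:\.\d+)*[a-z]?)", text, re.IGNORECASE)
    return m.group(1) if m else None


def assess_page(text: str) -> dict:
    """Combine extraction and comparison into one scanner-style finding."""
    version = extract_version(text)
    return {
        "version": version,
        "affected": is_affected(version) if version else False,
        "fixed_version": FIXED_VERSION,
    }


if __name__ == "__main__":
    # Constructed sample footer text; not captured from a real Cacti install.
    SAMPLE_PAGE = "<div>Cacti Version 0.8.6e | (c) 2004</div>"
    print(assess_page(SAMPLE_PAGE))
```

Because this check, like the scanner entry it mirrors, relies only on the advertised version string, it cannot tell whether a vendor-backported fix or a disabled register_globals setting already mitigates the first issue; treat a hit as a prompt to verify the installed build rather than as proof of exploitability.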
Related URL | CVE-2005-2149 (CVE)
Related URL | 14128, 14129, 14130 (SecurityFocus)
Related URL | 21241, 21242 (ISS)
|