OpenPKG Security Advisory
OpenPKG-SA-2007.001
Publisher Name: OpenPKG GmbH Publisher Home: http://openpkg.com/ Advisory Id (public): OpenPKG-SA-2007.001 Advisory Type: OpenPKG Security Advisory (SA) Advisory Directory: http://openpkg.com/go/OpenPKG-SA Advisory Document: http://openpkg.com/go/OpenPKG-SA-2007.001 Advisory Published: 2008-10-06 23:04 UTC Issue Id (internal): OpenPKG-SI-20070101.01 Issue First Created: 2007-01-01 Issue Last Modified: 2007-01-01 Issue Revision: 10
Subject Name: Cacti Subject Summary: Network Monitoring and Graphing Frontend Subject Home: http://www.cacti.net/ Subject Versions: * <= 0.8.6i Vulnerability Id: none Vulnerability Scope: global (not OpenPKG specific) Attack Feasibility: run-time Attack Vector: remote network Attack Impact: manipulation of data, arbitrary code execution Description: Three vulnerabilities have been identified and exploited [0] in the network monitoring and graphing frontend Cacti [1], versions up to and including 0.8.6i. They can be exploited by malicious people to bypass certain security restrictions, manipulate data and compromise vulnerable systems. First, the "cmd.php" script does not properly restrict access to command line usage and is installed in a Web-accessible location. Successful exploitation requires that the PHP variable "register_argc_argv" is enabled, which is the default in the OpenPKG "cacti" package. Second, input passed in the URL to "cmd.php" is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires again that the PHP variable "register_argc_argv" is enabled, which is the default in the OpenPKG "cacti" package. Third, the results from the SQL queries passed by an attacker to "cmd.php" are not properly sanitised before being used as shell commands. This can be exploited to inject arbitrary shell commands, too. References: [0] http://www.milw0rm.com/exploits/3029 [1] http://www.cacti.net/
Primary Package Name: cacti Primary Package Home: http://openpkg.org/go/package/cacti Affected Distribution: Affected Branch: Affected Package: OpenPKG Enterprise E1.0-SOLID cacti-0.8.6i-E1.0.0 OpenPKG Community 2-STABLE-20061018 cacti-0.8.6i-2.20061018 OpenPKG Community 2-STABLE cacti-0.8.6i-2.20061018 OpenPKG Community CURRENT cacti-0.8.6i-20061013 Corrected Distribution: Corrected Branch: Corrected Package: OpenPKG Enterprise E1.0-SOLID cacti-0.8.6i-E1.0.1 OpenPKG Community 2-STABLE-20061018 cacti-0.8.6i-2.20070101 OpenPKG Community 2-STABLE cacti-0.8.6i-2.20070101 OpenPKG Community CURRENT cacti-0.8.6i-20070101
