[VulnWatch] iDEFENSE Security Advisory 06.22.05: Multiple Vendor Cacti Multiple SQL Injection Vulnerabilities

From: iDEFENSE Labs (labs-no-reply_at_idefense.com)
Date: 06/22/05

  • Next message: iDEFENSE Labs: "[VulnWatch] iDEFENSE Security Advisory 06.22.05: Multiple Vendor Cacti config_settings.php Remote Code Execution Vulnerability"
    Date: Wed, 22 Jun 2005 09:54:10 -0400
    To: <bugtraq@securityfocus.com>, <vulnwatch@vulnwatch.org>, <full-disclosure@lists.grok.org.uk>
    
    

    Multiple Vendor Cacti Multiple SQL Injection Vulnerabilities

    iDEFENSE Security Advisory 06.22.05
    www.idefense.com/application/poi/display?id=267&type=vulnerabilities
    June 22, 2005

    I. BACKGROUND

    Cacti is a round-robin database (RRD) tool that helps create graphs from

    database information and is available on multiple Linux distributions.

    II. DESCRIPTION

    Remote exploitation of an input validation vulnerability in various
    vendors implementations of Cacti graph creation tool allows an attacker
    to make arbitrary SQL queries.

    Cacti contains an input validation error in the config_settings.php
    script which allows an attacker to execute arbitrary SQL queries. This
    in effect allows an attacker to recover the administrative password for
    the Cacti installation. Various scripts are vulnerable to SQL injection
    using the 'id' variable.

    III. ANALYSIS

    Successful exploitation of this vulnerability allows a remote attacker
    to gain access to the encrypted administrative password for Cacti. An
    attacker can then attempt to crack the password and gain administrative
    access.

    IV. DETECTION

    iDEFENSE has confirmed the existence of this vulnerability on Cacti
    0.8.6c. Earlier versions are suspected vulnerable. The following vendors

    distribute susceptible Cacti packages within their respective operating
    system distributions:
            
            The FreeBSD Project
            Gentoo Foundation
            Novell, Inc. (SuSE)
            The Debian Project (SuSE)

    V. WORKAROUND

    Require authentication to access the Cacti installation. Restrict access

    to web servers using Cacti to only trusted hosts.

    VI. VENDOR RESPONSE

    Cacti 0.8.6e has been released to address this vulnerability and is
    available for download at:

       http://www.cacti.net/downloads/cacti-0.8.6e.tar.gz
       or
       http://www.cacti.net/downloads/cacti-0.8.6e.zip

    Release notes for Cacti 0.8.6e can be found at:

       http://www.cacti.net/release_notes_0_8_6e.php

    VII. CVE INFORMATION

    The Common Vulnerabilities and Exposures (CVE) project has assigned the
    name CAN-2005-1525 to this issue. This is a candidate for inclusion in
    the CVE list (http://cve.mitre.org), which standardizes names for
    security problems.

    VIII. DISCLOSURE TIMELINE

    05/12/2005 Initial vendor notification
    05/15/2005 Initial vendor response
    06/22/2005 Coordinated public disclosure

    IX. CREDIT

    The discoverer of this vulnerability wishes to remain anonymous.

    Get paid for vulnerability research
    http://www.idefense.com/poi/teams/vcp.jsp

    Free tools, research and upcoming events
    http://labs.idefense.com

    X. LEGAL NOTICES

    Copyright (c) 2005 iDEFENSE, Inc.

    Permission is granted for the redistribution of this alert
    electronically. It may not be edited in any way without the express
    written consent of iDEFENSE. If you wish to reprint the whole or any
    part of this alert in any other medium other than electronically, please
    email customerservice@idefense.com for permission.

    Disclaimer: The information in the advisory is believed to be accurate
    at the time of publishing based on currently available information. Use
    of the information constitutes acceptance for use in an AS IS condition.
    There are no warranties with regard to this information. Neither the
    author nor the publisher accepts any liability for any direct, indirect,
    or consequential loss or damage arising from use of, or reliance on,
    this information.


  • Next message: iDEFENSE Labs: "[VulnWatch] iDEFENSE Security Advisory 06.22.05: Multiple Vendor Cacti config_settings.php Remote Code Execution Vulnerability"

    Relevant Pages