The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Cacti: command injections

Synthesis of the vulnerability 

An attacker can inject SQL and shell commands via the cmd.php and copy_cacti_user.php scripts of Cacti.
Impacted products: Cacti, Debian, openSUSE, Unix (platform) ~ not comprehensive.
Severity of this bulletin: 3/4.
Creation date: 12/01/2007.
References of this threat: BID-21799, CERTA-2002-AVI-065, CERTA-2007-AVI-001, CVE-2006-6799, DSA-1250-1, MDKSA-2007:015, SUSE-SA:2007:007, VIGILANCE-VUL-6465.

Description of the vulnerability 

Cacti is a web application, written in PHP, that displays graphs of network statistics.

Several scripts contain parameter check errors, so an attacker can inject SQL or shell commands. These vulnerabilities can be exploited when the register_argc_argv PHP directive is enabled.

An attacker can thus execute code on the server.

This vulnerability bulletin concerns software or systems such as Cacti, Debian, openSUSE, Unix (platform) ~ not comprehensive.

Our Vigil@nce team determined that the severity of this vulnerability alert is important.

The trust level is confirmed by the editor, and the attack origin is an intranet client.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with technician-level skill can exploit this vulnerability.
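As a defender-side illustration of the two conditions the bulletin states (an upstream Cacti release older than 0.8.6j, and register_argc_argv enabled in the PHP configuration), the following Python script is an added example; it is not part of the Vigil@nce bulletin or of Cacti. The function names, the constructed php.ini fragments and the outcome labels are assumptions of this example. It parses PHP configuration in both php.ini and `php -i` styles, compares a Cacti version string, including its letter suffix, against 0.8.6j, and reports whether the bulletin's exploitation precondition is present.

```python
"""Defender-side check for the conditions described in the bulletin.

Added example, not part of the Vigil@nce bulletin or of Cacti itself.
Inputs a system administrator can obtain locally:
  - lines of PHP configuration (php.ini syntax or `php -i` output)
  - the upstream Cacti version string of the installation
The fixed upstream version (0.8.6j) is the one named in the bulletin.
"""
import re
from typing import Iterable, Optional, Tuple

FIXED_UPSTREAM_VERSION = "0.8.6j"  # from the bulletin's solution section

# Versions such as "0.8.6i" or "0.8.7": dotted numeric part plus an optional letter
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)([a-z]?)$")

# php.ini: "register_argc_argv = Off"; php -i: "register_argc_argv => Off => Off"
# "=>" must be tried before "=" so the php -i form does not yield ">" as the value.
_DIRECTIVE_RE = re.compile(r"^register_argc_argv\s*(?:=>|=)\s*([^\s=]+)", re.IGNORECASE)


def parse_cacti_version(version: str) -> Tuple[Tuple[int, ...], str]:
    """Split "0.8.6i" into ((0, 8, 6), "i") so tuples compare in release order."""
    m = _VERSION_RE.match(version.strip().lower())
    if not m:
        raise ValueError(f"unrecognised Cacti version string: {version!r}")
    numbers = tuple(int(part) for part in m.group(1).split("."))
    return numbers, m.group(2)  # missing letter ("") sorts before "a"


def is_upstream_fixed(installed: str, fixed: str = FIXED_UPSTREAM_VERSION) -> bool:
    """True if the installed upstream version is at or beyond the fixed release.

    Only meaningful for upstream installs: distribution packages such as
    Debian's cacti_0.8.6c-7sarge4 carry a backported fix while keeping the
    old upstream number, so they must be judged by the package version instead.
    """
    return parse_cacti_version(installed) >= parse_cacti_version(fixed)


def register_argc_argv_enabled(config_lines: Iterable[str]) -> Optional[bool]:
    """Return the directive's boolean value, or None if it is not set at all.

    Commented lines (";" or "#") are ignored and the last occurrence wins, as in
    php.ini. A missing directive is reported as None rather than guessed, because
    the effective default depends on the SAPI (the CLI forces it on).
    """
    value = None
    for line in config_lines:
        stripped = line.strip()
        if stripped.startswith(";") or stripped.startswith("#"):
            continue
        m = _DIRECTIVE_RE.match(stripped)
        if m:
            value = m.group(1).lower()
    if value is None:
        return None
    return value in ("1", "on", "true", "yes")


def assess(installed_version: str, config_lines: Iterable[str]) -> str:
    """Combine both checks into one of three constructed outcome labels."""
    if is_upstream_fixed(installed_version):
        return "patched"
    if register_argc_argv_enabled(config_lines) is False:
        # Bulletin's precondition is absent; still upgrade, but exposure is reduced.
        return "vulnerable-but-mitigated"
    # Directive enabled, or unknown: treat unknown as exposed.
    return "vulnerable"


# Constructed sample configuration fragments (not taken from any real host).
SAMPLE_PHP_INI = """
; constructed php.ini fragment
register_globals = Off
register_argc_argv = On
""".splitlines()

SAMPLE_PHP_INFO = """
register_argc_argv => Off => Off
""".splitlines()


if __name__ == "__main__":
    for version, config in (("0.8.6i", SAMPLE_PHP_INI),
                            ("0.8.6i", SAMPLE_PHP_INFO),
                            ("0.8.6j", SAMPLE_PHP_INI)):
        print(f"Cacti {version}: {assess(version, config)}")
```

The version comparison only applies to upstream tarball installs; for the Debian, Mandriva and SUSE packages listed below, compare the installed package version against the fixed package versions the bulletin names, since those keep the older upstream number and backport the fix.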

Solutions for this threat 

Cacti: version 0.8.6j.
Version 0.8.6j is corrected:
  http://www.cacti.net/download_cacti.php

Cacti: patch.
Two patches are available:
  http://www.cacti.net/downloads/patches/0.8.6i/dec06-vulnerability-poller-0.8.6i.patch
  http://www.cacti.net/downloads/patches/0.8.6i/dec06-vulnerability-scripts-0.8.6i.patch

Debian: new cacti packages.
New packages are available:
  Source archives:
    http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6c-7sarge4.dsc
      Size/MD5 checksum: 595 afdce1f2bdbfc1aebfc501000ccb2bac
    http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6c-7sarge4.diff.gz
      Size/MD5 checksum: 55933 4efcecdf5f5e90d65b0e00e6d762315c
    http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6c.orig.tar.gz
      Size/MD5 checksum: 1046586 b4130300f671e773ebea3b8f715912c1
  Architecture independent components:
    http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6c-7sarge4_all.deb
      Size/MD5 checksum: 1059312 9bda882e046d818faa056d5e7dfaff71

Mandriva: new cacti packages.
New packages are available:
 
 Corporate 4.0:
 5d8b682ea63e6f0624c38cc8350206a9 corporate/4.0/i586/cacti-0.8.6f-3.1.20060mlcs4.noarch.rpm
 b61668c2bb193cbad1a097a674405017 corporate/4.0/SRPMS/cacti-0.8.6f-3.1.20060mlcs4.src.rpm
 Corporate 4.0/X86_64:
 8b9cf3a6ef01c3d6d72fe45796a6def5 corporate/4.0/x86_64/cacti-0.8.6f-3.1.20060mlcs4.noarch.rpm
 b61668c2bb193cbad1a097a674405017 corporate/4.0/SRPMS/cacti-0.8.6f-3.1.20060mlcs4.src.rpm

SUSE: new cacti packages.
New packages are available:
   openSUSE 10.2:
   ftp://ftp.suse.com/pub/suse/update/10.2/rpm/noarch/cacti-0.8.6h-36.2.noarch.rpm
         07c272d8361d3df0a7e6cc2e60bc5f91
   SUSE LINUX 10.1:
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/noarch/cacti-0.8.6h-15.2.noarch.rpm
         f39396766d9bd4d2525c5816ba4c54fd
   SUSE LINUX 10.0:
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/noarch/cacti-0.8.6f-2.2.noarch.rpm
         9660cc595d97155362fd4643db8d6f14
   SUSE LINUX 9.3:
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/noarch/cacti-0.8.6e-2.5.noarch.rpm
         d2c682194c800678bf0dca0e151d0cd7

Computer vulnerabilities tracking service 

Vigil@nce provides a network vulnerability patch. The Vigil@nce vulnerability database contains several thousand vulnerabilities.