The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Cacti: denials of service

Synthesis of the vulnerability 

An attacker can use graph_* parameters of graph_image.php in order to generate a denial of service.
Impacted systems: Cacti, Debian, Fedora.
Severity of this alert: 1/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 18/09/2007.
References of this alert: CVE-2007-3112, CVE-2007-3113, DSA-1954-1, FEDORA-2007-2199, MDKSA-2007:184, VIGILANCE-VUL-7175.

Description of the vulnerability 

Cacti is a PHP web application that displays network statistics as graphs.

The graph_image.php script generates these graphs. It uses several parameters:
 - graph_start: start date expressed as a number of seconds since 1st of January 1970
 - graph_end: end date expressed as a number of seconds since 1st of January 1970
 - graph_height: height of image
 - graph_width: width of image
 - etc.

However, no limit is imposed on these parameters. An attacker can thus supply very large values in order to force the Cacti process to consume a lot of CPU resources.

A remote attacker can therefore create a denial of service.
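The missing control described above is an input-validation one: each graph_* parameter needs a type check and an explicit range before it reaches the renderer. The following PHP is an added illustration written for this bulletin; it is neither Cacti's own code nor the referenced svn patch, and the limit values, function names and default sizes are assumptions chosen for the example.

```php
<?php
// Added illustration (not Cacti code, not the referenced svn patch):
// bounds-check the numeric graph_* parameters before they reach the
// graph renderer. The limits below are assumptions chosen for the example.

const GRAPH_LIMITS = [
    // name         => [min, max]
    'graph_height' => [1, 2000],
    'graph_width'  => [1, 4000],
    'graph_start'  => [0, PHP_INT_MAX],
    'graph_end'    => [0, PHP_INT_MAX],
];

/**
 * Return a validated integer for $name from $params, or throw.
 * Only canonical decimal integers are accepted (no "1e9", no spaces),
 * and the value must fall inside the configured range.
 */
function validated_graph_param(array $params, string $name, int $default): int
{
    [$min, $max] = GRAPH_LIMITS[$name];
    if (!array_key_exists($name, $params)) {
        return $default;
    }
    $raw = $params[$name];
    if (!is_string($raw) || !preg_match('/^-?[0-9]{1,18}$/', $raw)) {
        throw new InvalidArgumentException("$name: not an integer");
    }
    $value = (int) $raw;
    if ($value < $min || $value > $max) {
        throw new InvalidArgumentException("$name: out of range [$min, $max]");
    }
    return $value;
}

/** Validate the whole set and enforce the cross-field rule start < end. */
function validated_graph_request(array $params): array
{
    $now = time();
    $out = [
        'graph_height' => validated_graph_param($params, 'graph_height', 120),
        'graph_width'  => validated_graph_param($params, 'graph_width', 500),
        'graph_start'  => validated_graph_param($params, 'graph_start', $now - 86400),
        'graph_end'    => validated_graph_param($params, 'graph_end', $now),
    ];
    if ($out['graph_start'] >= $out['graph_end']) {
        throw new InvalidArgumentException('graph_start must be before graph_end');
    }
    // A huge time window is the same CPU problem as a huge image; cap it too
    // (ten years is an assumed ceiling for the example).
    if ($out['graph_end'] - $out['graph_start'] > 10 * 365 * 86400) {
        throw new InvalidArgumentException('time window too large');
    }
    return $out;
}

// Constructed sample requests (stand-ins for $_GET) to exercise the check.
$samples = [
    ['graph_width' => '500', 'graph_height' => '120'],  // accepted
    ['graph_width' => '99999999'],                      // rejected: out of range
    ['graph_height' => '1e9'],                          // rejected: not an integer
    ['graph_start' => '10', 'graph_end' => '5'],        // rejected: start >= end
];
foreach ($samples as $s) {
    try {
        $ok = validated_graph_request($s);
        echo "accepted: " . json_encode($ok) . PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo "rejected (" . json_encode($s) . "): " . $e->getMessage() . PHP_EOL;
    }
}
```

The point of the cross-field check is that bounding each parameter on its own is not enough: a start/end pair that is individually valid can still describe a window large enough to keep the renderer busy, so the window size is limited as well.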
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This computer weakness alert impacts software or systems such as Cacti, Debian, Fedora.

Our Vigil@nce team determined that the severity of this weakness note is low.

The trust level is of type confirmed by the editor, with an origin of intranet client.

This bulletin is about 2 vulnerabilities.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with a technician ability can exploit this weakness bulletin.

Solutions for this threat 

Cacti: patch.
A patch is available:
http://svn.cacti.net/cgi-bin/viewcvs.cgi/branches/BRANCH_0_8_6/cacti/graph_image.php?rev=3956&r1=3898&r2=3956

Debian: new cacti packages.
New packages are available:
  http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6i-3.6_all.deb
  http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.7b-2.1+lenny1_all.deb

Fedora 7: new cacti packages.
New packages are available:
657a629ec4fc4fbfdb01ae7cd7394e0896cff155 cacti-0.8.6j-8.fc7.noarch.rpm
6a512f473b6c726bbb67bb85985f4d09c66f0740 cacti-0.8.6j-8.fc7.src.rpm

Mandriva: new cacti packages.
New packages are available:
 
 Corporate 4.0:
 0c6f53c1812f0a5e8e5ae5206812dee4 corporate/4.0/i586/cacti-0.8.6f-3.2.20060mlcs4.noarch.rpm
 a2a965f19a5e7071c30963026f4841bc corporate/4.0/SRPMS/cacti-0.8.6f-3.2.20060mlcs4.src.rpm
 Corporate 4.0/X86_64:
 546c9a6b1e489ae63994efe8060f6e7a corporate/4.0/x86_64/cacti-0.8.6f-3.2.20060mlcs4.noarch.rpm
 a2a965f19a5e7071c30963026f4841bc corporate/4.0/SRPMS/cacti-0.8.6f-3.2.20060mlcs4.src.rpm

Computer vulnerabilities tracking service 

Vigil@nce provides an applications vulnerabilities workaround. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.