Cacti 0.8.7e - OS Command Injection

2010-04-22T00:00:00
ID EXPLOITPACK:0D54EB5D5BFD7DEA7E03661F6547AF87
Type exploitpack
Reporter Nahuel Grisolia
Modified 2010-04-22T00:00:00

Description

Cacti 0.8.7e - OS Command Injection

                                        
                                            CVSSv2 Score: 9 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Cacti is prone to a remote command execution vulnerability because the
software fails to adequately sanitize user-suplied input.
Successful attacks can compromise the affected software and possibly
the operating system running Cacti.
The vulnerability can be triggered by any user doing:
1)
Edit or Create a Device with FQDN ‘NotARealIPAddress;CMD;’ (without
single quotes) and Save it.
Edit the Device again and reload any data query already created.
CMD will be executed with Web Server rights.
2)
Edit or Create a Graph Template and use as Vertical Label
‘BonsaiSecLabel";CMD; "’ (without single quotes) and Save it.
Go to Graph Management section and Select it.
CMD will be executed with Web Server rights.
Note that other properties of a Graph Template might also be affected.

===========================================================================
Download:
===========================================================================
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/12339.pdf (Bonsai-OS_Command_Injection_in_Cacti.pdf)


<Bonsai Information Security Advisories>
http://www.bonsai-sec.com/en/research/vulnerability.php