Cacti SQL Injection Filter Bypass

2005-07-02T14:43:36
ID OSVDB:17721
Type osvdb
Reporter Stefan Esser(sesser@hardened-php.net)
Modified 2005-07-02T14:43:36

Description

Vulnerability Description

Cacti contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the user input filters that were added to the Cacti 0.8.6e codebase to address the possible SQL Injections, which were wrongly implemented and can be tricked to let injection attacks through. This may allow an attacker to perform multiple SQL injections, which may allow exploitation to gain administrative privileges and perform arbitrary SQL queries.

These attacks require that "register_globals" is enabled.

Solution Description

Upgrade to version 0.8.6f or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Cacti contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the user input filters that were added to the Cacti 0.8.6e codebase to address the possible SQL Injections, which were wrongly implemented and can be tricked to let injection attacks through. This may allow an attacker to perform multiple SQL injections, which may allow exploitation to gain administrative privileges and perform arbitrary SQL queries.

These attacks require that "register_globals" is enabled.

References:

Vendor URL: http://www.cacti.net/ Vendor Specific News/Changelog Entry: http://www.cacti.net/release_notes_0_8_6f.php Security Tracker: 1014361 Secunia Advisory ID:16050 Secunia Advisory ID:16136 Secunia Advisory ID:15908 Other Advisory URL: http://www.hardened-php.net/advisory-032005.php Other Advisory URL: http://lists.suse.com/archive/suse-security-announce/2005-Jul/0004.html Other Advisory URL: http://www.debian.org/security/2005/dsa-764 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-07/0029.html CVE-2005-2148