Cacti < 0.8.7f Multiple Input Validation Vulnerabilities

Severity: High. Nessus Plugin ID: 46222

Synopsis

The remote web server is running a PHP application that is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the Cacti application running on the remote web server is prior to version 0.8.7f. It is, therefore, potentially affected by the following vulnerabilities:

- A vulnerability exists in 'templates_export.php' due to improper validation of input to the 'export_item_id' parameter. A remote attacker can exploit this to inject SQL queries to disclose arbitrary data. (CVE-2010-1431)

- Cross-site scripting vulnerabilities exist in the handling of the 'host_id' parameter of 'data_sources.php', or the 'hostname' and 'description' parameters of 'host.php', which a remote attacker can exploit to inject arbitrary web script or HTML. (CVE-2010-1644)

- A SQL injection vulnerability exists in 'graph.php'. A remote attacker can exploit it using specially crafted GET requests to the 'rra_id' parameter, which can cause a corresponding POST request or cookie to bypass proper validation. (CVE-2010-2092)

Solution

Upgrade to Cacti 0.8.7f or later.

See Also

http://www.nessus.org/u?39e1a6fb

http://www.nessus.org/u?49d1a123

https://www.securityfocus.com/archive/1/511393/30/0/threaded

http://www.cacti.net/release_notes_0_8_7f.php

Plugin Details

Severity: High

ID: 46222

File Name: cacti_087e.nasl

Version: 1.22

Type: remote

Family: CGI abuses

Published: 5/4/2010

Updated: 9/24/2024

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:cacti:cacti

Required KB Items: installed_sw/cacti, Settings/ParanoidReport

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/21/2010

Vulnerability Publication Date: 4/21/2010

Reference Information

CVE: CVE-2010-1431, CVE-2010-1644, CVE-2010-2092

BID: 39653, 40149, 40332

SECUNIA: 39570