Cacti: Multiple vulnerabilities — GLSA 200803-18

Multiple vulnerabilities were discovered in Cacti.

Affected packages

net-analyzer/cacti on all architectures
Affected versions < 0.8.7b
Unaffected versions >= 0.8.7b
revision >= 0.8.6j-r8

Background

Cacti is a web-based network graphing and reporting tool.

Description

The following inputs are not properly sanitized before being processed:

  • "view_type" parameter in the file graph.php, "filter" parameter in the file graph_view.php, "action" and "login_username" parameters in the file index.php (CVE-2008-0783).
  • "local_graph_id" parameter in the file graph.php (CVE-2008-0784).
  • "graph_list" parameter in the file graph_view.php, "leaf_id" and "id" parameters in the file tree.php, "local_graph_id" in the file graph_xport.php (CVE-2008-0785).

Furthermore, CRLF injection attack are possible via unspecified vectors (CVE-2008-0786).

Impact

A remote attacker could exploit these vulnerabilities, leading to path disclosure, Cross-Site Scripting attacks, SQL injection, and HTTP response splitting.

Workaround

There is no known workaround at this time.

Resolution

All Cacti users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-analyzer/cacti-0.8.7b"

References

Release date
March 10, 2008

Latest revision
May 28, 2009: 02

Severity
normal

Exploitable
remote

Bugzilla entries