Cacti CMD.PHP Remote Command Execution Vulnerability
BID:21799
Info
Cacti CMD.PHP Remote Command Execution Vulnerability
| Bugtraq ID: | 21799 |
| Class: | Input Validation Error |
| CVE: |
CVE-2006-6799 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 28 2006 12:00AM |
| Updated: | Jan 30 2007 11:18PM |
| Credit: | rgod is credited with the discovery of this vulnerability. |
| Vulnerable: |
S.u.S.E. openSUSE 10.2 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 9.3 x86_64 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 10.1 Planet Technology WSW-2401 0.8.6 h OpenPKG OpenPKG Stable OpenPKG OpenPKG E1.0-Solid OpenPKG OpenPKG Current OpenPKG OpenPKG 2-Stable-20061018 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 4.0 Gentoo Linux Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Cacti Cacti 0.8.6 f Cacti Cacti 0.8.6i |
| Not Vulnerable: |
Cacti Cacti 0.8.6j |
Discussion
Cacti CMD.PHP Remote Command Execution Vulnerability
Cacti is prone to a remote command-execution vulnerability because the application fails to properly sanitize user-supplied input to the 'cmd.php' script.
Exploiting this issue allows attackers to execute arbitrary commands in the context of the server.
A successful exploit could facilitate the compromise of an affected computer; other attacks are also possible.
Cacti 0.8.6i and prior versions are reportedly affected.
Cacti is prone to a remote command-execution vulnerability because the application fails to properly sanitize user-supplied input to the 'cmd.php' script.
Exploiting this issue allows attackers to execute arbitrary commands in the context of the server.
A successful exploit could facilitate the compromise of an affected computer; other attacks are also possible.
Cacti 0.8.6i and prior versions are reportedly affected.
Exploit / POC
Cacti CMD.PHP Remote Command Execution Vulnerability
Attackers can exploit this issue via a web client.
Reports indicate this issue is being actively exploited in the wild.
The following exploit code is available:
Attackers can exploit this issue via a web client.
Reports indicate this issue is being actively exploited in the wild.
The following exploit code is available:
Solution / Fix
Cacti CMD.PHP Remote Command Execution Vulnerability
Solution:
The vendor has released patches and version 0.8.6j to address this issue. Please see the references for more information.
Cacti Cacti 0.8.6i
Planet Technology WSW-2401 0.8.6 h
Cacti Cacti 0.8.6 f
Solution:
The vendor has released patches and version 0.8.6j to address this issue. Please see the references for more information.
Cacti Cacti 0.8.6i
-
Cacti dec06-vulnerability-poller-0.8.6i.patch
http://www.cacti.net/downloads/patches/0.8.6i/dec06-vulnerability-poll er-0.8.6i.patch -
Cacti cacti-0.8.6j.tar.gz
http://www.cacti.net/downloads/cacti-0.8.6j.tar.gz
Planet Technology WSW-2401 0.8.6 h
-
Cacti cacti-0.8.6j.tar.gz
http://www.cacti.net/downloads/cacti-0.8.6j.tar.gz
Cacti Cacti 0.8.6 f
-
SuSE cacti-0.8.6f-2.2.noarch.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/noarch/cacti-0.8.6f-2 .2.noarch.rpm
References
Cacti CMD.PHP Remote Command Execution Vulnerability
References:
References:
- Cacti Homepage (Cacti)
- Release Notes - 0.8.6j (Cacti)
- Re: FW: [cacti-announce] Cacti 0.8.6j Released (Steve Friedl)