Cacti Three Vulnerabilities


Description   Several vulnerabilities have been identified in Cacti:
- CVE-2013-5588: cross-site scripting via the "step" parameter in the "/install/index.php" script and stored cross-site scripting via the "id" parameter in the "/cacti/host.php" script
- CVE-2013-5589: blind SQL injection via the "id" parameter in the "/cacti/host.php" script
Updated, 09/05/2014:
The cacti and cacti-spine packages provided by NetBSD are vulnerable.
Updated, 21/06/2015:
The cacti packages provided by FreeBSD are vulnerable.
     
Vulnerable Products   Vulnerable OS:
- Enterprise Server (Mandriva) - 5, 5/X86_64
- Fedora (Red Hat) - 18, 19
- FreeBSD (FreeBSD)
- GNU/Linux (Debian) - 6, 7
- NetBSD (NetBSD) - 4.0.1, 5.0.2, 5.1, 5.1.2, 5.2, 6, 6.1
- openSUSE (SUSE) - 12.3, 13.1, 13.2
Vulnerable Software:
- Cacti (The Cacti Group) - 0.5, 0.6, 0.6.1, 0.6.2, 0.6.3, ..., 0.8.7h, 0.8.7i, 0.8.8, 0.8.8a, 0.8.8b
     
Solution   Fixed cacti packages for openSUSE 13.2 are available.
     
CVE   CVE-2013-5589
CVE-2013-5588
     
References
- seclists : Re: CVE Request: 3 XSS vulnerabilities in Cacti <= 0.8.8b
http://seclists.org/oss-sec/2013/q3/488
- Debian Security Tracker : cacti
https://security-tracker.debian.org/tracker/CVE-2013-5588
- Debian Security Tracker : cacti
https://security-tracker.debian.org/tracker/CVE-2013-5589
- FEDORA-2013-15444 : Fedora 18 Update: cacti-0.8.8b-2.fc18
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115210.html
- FEDORA-2013-15466 : Fedora 19 Update: cacti-0.8.8b-2.fc19
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115238.html
- MDVSA-2013:228 : cacti
http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2013:228
- NetBSD : net/cacti
http://ftp.netbsd.org/pub/pkgsrc/current/pkgsrc/net/cacti/README.html
- openSUSE-SU-2014:0600-1 : cacti: security fixes
cacti-spine: update to
http://lists.opensuse.org/opensuse-updates/2014-05/msg00011.html
- NetBSD : net/cacti-spine
http://ftp.netbsd.org/pub/pkgsrc/current/pkgsrc/net/cacti-spine/README.html
- Cacti : Changelog 0.8.8c
http://www.cacti.net/changelog.php
- openSUSE-SU-2015:0479-1 : Security update for cacti
http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html
- VuXML : cacti -- multiple security vulnerabilities
http://www.vuxml.org/freebsd/a0e74731-181b-11e5-a1cf-002590263bf5.html
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarms, grouped by "Available Since" version:
Available since 3.2.0:
- XSS - Prevention - GET : suspicious 'iframe' tag found in URL
- XSS - Prevention - GET : suspicious 'meta' tag found in URL
- XSS - Prevention - POST : suspicious tag with event found in data
- XSS - Prevention - GET : suspicious tag with event found in URL
- XSS - Prevention - POST : suspicious 'meta' tag found in data
- SQL injection Prevention - POST : suspicious SELECT statement in data
- XSS - Prevention - POST : suspicious 'object' tag found in data
- XSS - Prevention - GET : suspicious 'applet' tag found in URL
- SQL injection Prevention - POST : possible version probing in data
- XSS - Prevention - POST : suspicious 'applet' tag found in data
- SQL injection Prevention - POST : suspicious OPENQUERY statement in data
- SQL injection Prevention - POST : suspicious CREATE statement in data
- XSS - Prevention - POST : 'location' javascript object found in data
- SQL injection Prevention - POST : suspicious UPDATE statement in data
- XSS - Phishing : suspicious 'div' tag found in URL
- XSS - Prevention - GET : suspicious 'style' attribute found in URL
- XSS - Prevention - POST : javascript code found in data
- XSS - Prevention - POST : suspicious 'iframe' tag found in data
- XSS - Prevention - GET : suspicious 'img' tag found in URL
- SQL injection Prevention - POST : suspicious UNION statement in data
- XSS - Prevention - POST : code allowing cookie access found in data
- XSS - Prevention - POST : suspicious 'img' attribute found in data
- SQL injection Prevention - POST : suspicious DROP statement in data
- SQL injection Prevention - POST : suspicious INSERT statement in data
- SQL injection Prevention - POST : suspicious OR statement in data
- XSS - Phishing : suspicious 'a' tag found in URL
- XSS - Prevention - GET : cookie access attempt using script language found in URL
- XSS - Prevention - GET : suspicious 'embed' tag found in URL
- SQL injection Prevention - POST : suspicious EXEC statement in data
- XSS - Prevention - GET : suspicious 'object' tag found in URL
- XSS - Phishing : suspicious 'form' tag found in URL
- XSS - Prevention - POST : suspicious 'embed' tag found in data
- XSS - Prevention - POST : suspicious 'style' tag found in data
- XSS - Prevention - GET : javascript code found in URL
- SQL injection Prevention - POST : suspicious OPENROWSET statement in data
- XSS - Prevention - POST : suspicious 'div' tag found in data
- XSS - Prevention - GET : evasion attempt using tag characters encoding in URL
- XSS - Prevention - GET : suspicious 'style' tag found in URL
- SQL injection Prevention - POST : suspicious DECLARE statement in data
- XSS - Phishing : suspicious 'link' tag found in URL
- XSS - Prevention - GET : 'script' tag found in URL
- XSS - Prevention - POST : 'script' tag found in data
- XSS - Prevention - POST : suspicious 'style' attribute found in data
- XSS - Prevention - GET : 'location' javascript object found in URL
- SQL injection Prevention - POST : suspicious HAVING statement in data
- SQL injection Prevention - POST : suspicious CAST statement in data
- XSS - Prevention - GET : suspicious 'div' tag found in URL
Available since 5.0.0:
- XSS - Prevention - POST : suspicious 'style' tag found in data
- XSS - Prevention - POST : javascript code found in data
- XSS - Prevention - POST : suspicious tag with event found in data
- SQL injection Prevention - POST : suspicious UPDATE statement in data
- XSS - Prevention - POST : suspicious 'embed' tag found in data
- SQL injection Prevention - POST : suspicious SELECT statement in data
- XSS - Prevention - POST : 'location' javascript object found in data
- SQL injection Prevention - POST : suspicious DECLARE statement in data
- SQL injection Prevention - POST : suspicious OPENROWSET statement in data
- SQL injection Prevention - POST : suspicious OPENQUERY statement in data
- XSS - Prevention - POST : code allowing cookie access found in data
- SQL injection Prevention - POST : suspicious CAST statement in data
- SQL injection Prevention - POST : suspicious EXEC statement in data
- SQL injection Prevention - POST : suspicious CREATE statement in data
- SQL injection Prevention - POST : suspicious INSERT statement in data
- XSS - Prevention - POST : 'script' tag found in data
- SQL injection Prevention - POST : suspicious DROP statement in data
- XSS - Prevention - POST : suspicious 'style' attribute found in data
- SQL injection Prevention - POST : suspicious HAVING statement in data
- XSS - Prevention - POST : suspicious 'applet' tag found in data
- SQL injection Prevention - POST : suspicious UNION statement in data
- XSS - Prevention - POST : suspicious 'div' tag found in data
- SQL injection Prevention - POST : suspicious OR statement in data
- XSS - Prevention - POST : suspicious 'img' attribute found in data
- XSS - Prevention - POST : suspicious 'meta' tag found in data
- XSS - Prevention - POST : suspicious 'object' tag found in data
- SQL injection Prevention - POST : possible version probing in data
- XSS - Prevention - POST : suspicious 'iframe' tag found in data
     


 
 
 
 
Risk level   Moderate

Vulnerability First Public Report Date   2013-08-25

Target Type   Client + Server

Possible exploit   Remote