Cacti Multiple Vulnerabilities Fixed by 0.8.8d


Description   (#Several vulnerabilities were reported in Cacti:#- CVE-2015-4342: SQL injection and Location header injection#- CVE-2015-4454: SQL injection in graph templates#- unspecified SQL injection via the "settings.php" page#- CVE-2015-2665: cross-site scripting.##The Cacti packages published for Debian Squeeze 6, Wheezy 7 and Jessie 8 are vulnerable.#Updated, 21/06/2015:#The cacti packages provided by FreeBSD are vulnerable.)
     
Vulnerable Products   Vulnerable OS:
Fedora (Red Hat) - 22, 23FreeBSD (FreeBSD) - AllGNU/Linux (Debian) - 6, 7, 8openSUSE (SUSE) - 13.1, 13.2Vulnerable Software:
Cacti (The Cacti Group) - 0.6, 0.6.1, 0.6.2, 0.6.3, 0.6.4, ..., 0.8.7i, 0.8.8, 0.8.8a, 0.8.8b, 0.8.8c
     
Solution   Fixed cacti packages for Fedora 22 and 23 are available.
     
CVE   CVE-2015-4454
CVE-2015-4342
CVE-2015-2665
     
References   - Cacti : Changelog 0.8.8d
http://www.cacti.net/changelog.php
- DebianSecurityTracker : cacti
https://security-tracker.debian.org/tracker/CVE-2015-4342
https://security-tracker.debian.org/tracker/TEMP-0000000-9422F2
https://security-tracker.debian.org/tracker/TEMP-0000000-F5FB8C
- FG-VD-15-017 : Fortinet Discovers Cacti Cross-Site Scripting (XSS) Vulnerability
http://www.fortiguard.com/advisory/FG-VD-15-017/
https://security-tracker.debian.org/tracker/CVE-2015-2665
https://security-tracker.debian.org/tracker/CVE-2015-4454
- VuXML : cacti -- Multiple XSS and SQL injection vulerabilities
http://www.vuxml.org/freebsd/a3929112-181b-11e5-a1cf-002590263bf5.html
- DSA 3295-1 : cacti security update
https://lists.debian.org/debian-security-announce/2015/msg00191.html
- openSUSE-SU-2015:1133-1 : Security update for cacti
http://lists.opensuse.org/opensuse-updates/2015-06/msg00052.html
- DLA 255-1: cacti security update
https://lists.debian.org/debian-lts-announce/2015/06/msg00022.html
- FEDORA-2016-a8e2be0fe6 : Fedora 23 Update: cacti-0.8.8g-1.fc23
https://lists.fedoraproject.org/pipermail/package-announce/2016-May/183449.html
- FEDORA-2016-4a5ce6a6c0 : Fedora 22 Update: cacti-0.8.8g-1.fc22
https://lists.fedoraproject.org/pipermail/package-announce/2016-May/183454.html
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
SQL injection Prevention - GET : suspicious OR statement in URL
3.2.0
SQL injection Prevention - POST : suspicious SELECT statement in data
3.2.0
SQL injection Prevention - GET : suspicious combination of 'OR' or 'AND' statements in URL
3.2.0
SQL injection Prevention - POST : possible version probing in data
3.2.0
SQL injection Prevention - GET : suspicious CREATE statement in URL
3.2.0
SQL injection Prevention - GET : suspicious CAST statement in URL
3.2.0
SQL injection Prevention - GET : suspicious OPENROWSET statement in URL
3.2.0
SQL injection Prevention - GET : suspicious DECLARE statement in URL
3.2.0
SQL injection Prevention - POST : suspicious OPENQUERY statement in data
3.2.0
SQL injection Prevention - POST : suspicious CREATE statement in data
3.2.0
SQL injection Prevention - POST : suspicious UPDATE statement in data
3.2.0
SQL injection Prevention - POST : suspicious UNION statement in data
3.2.0
SQL injection Prevention - GET : suspicious OPENQUERY statement in URL
3.2.0
SQL injection Prevention - GET : suspicious shutdown statement in URL
3.2.0
SQL injection Prevention - GET : suspicious UNION SELECT statement in URL
3.2.0
SQL injection Prevention - POST : suspicious DROP statement in data
3.2.0
SQL injection Prevention - GET : possible database version probing
3.2.0
SQL injection Prevention - POST : suspicious INSERT statement in data
3.2.0
SQL injection Prevention - POST : suspicious OR statement in data
3.2.0
SQL injection Prevention - GET : suspicious UPDATE SET statement in URL
3.2.0
SQL injection Prevention - POST : suspicious EXEC statement in data
3.2.0
SQL injection Prevention - GET : suspicious SELECT statement in URL
3.2.0
SQL injection Prevention - GET : suspicious INSERT statement in URL
3.2.0
SQL injection Prevention - GET : suspicious DROP statement in URL
3.2.0
SQL injection Prevention - POST : suspicious OPENROWSET statement in data
3.2.0
SQL injection Prevention - GET : suspicious EXEC statement in URL
3.2.0
SQL injection Prevention - GET : block comment delimiters in URL
3.2.0
SQL injection Prevention - POST : suspicious DECLARE statement in data
3.2.0
SQL injection Prevention - POST : suspicious HAVING statement in data
3.2.0
SQL injection Prevention - POST : suspicious CAST statement in data
3.2.0
SQL injection Prevention - GET : suspicious SQL statement in header
4.0.0
SQL injection Prevention - POST : suspicious UPDATE statement in data
5.0.0
SQL injection Prevention - POST : suspicious SELECT statement in data
5.0.0
SQL injection Prevention - POST : suspicious DECLARE statement in data
5.0.0
SQL injection Prevention - POST : suspicious OPENROWSET statement in data
5.0.0
SQL injection Prevention - POST : suspicious OPENQUERY statement in data
5.0.0
SQL injection Prevention - POST : suspicious CAST statement in data
5.0.0
SQL injection Prevention - POST : suspicious EXEC statement in data
5.0.0
SQL injection Prevention - POST : suspicious CREATE statement in data
5.0.0
SQL injection Prevention - POST : suspicious INSERT statement in data
5.0.0
SQL injection Prevention - GET : Authentication bypass attempt with OR statement
5.0.0
SQL injection Prevention - POST : suspicious DROP statement in data
5.0.0
SQL injection Prevention - POST : suspicious HAVING statement in data
5.0.0
SQL injection Prevention - POST : suspicious UNION statement in data
5.0.0
SQL injection Prevention - POST : suspicious OR statement in data
5.0.0
SQL injection Prevention - POST : possible version probing in data
5.0.0
     


 
 
 
 
 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2015-06-10 

 Target Type 
Server 

 Possible exploit 
Remote