Cacti "graphs_new.php" SQL Injection Vulnerability


Description   A SQL injection vulnerability has been identified in Cacti. A remote attacker could exploit it by sending crafted URLs that include SQL statements in order to modify or delete entries in some database tables.

The vulnerability is due to improper validation of user-supplied input used in SQL queries in the "graphs_new.php" page.

A proof of concept is available.

The cacti packages provided by Debian Squeeze 6, Wheezy 7 and Jessie 8 are vulnerable.
     
Vulnerable Products   Vulnerable OS:
FreeBSD (FreeBSD) - All
GNU/Linux (Debian) - 6, 7, 8
openSUSE (SUSE) - 13.1, 13.2, 42.1
Vulnerable Software:
Cacti (The Cacti Group) - 0.5, 0.6, 0.6.1, 0.6.2, 0.6.3, ..., 0.8.8b, 0.8.8c, 0.8.8d, 0.8.8e, 0.8.8f
     
Solution   Fixed cacti packages for FreeBSD are available.
     
CVE   CVE-2015-8604
     
References   - cacti : 0002652 SQL injection in graphs_new.php
http://bugs.cacti.net/view.php?id=2652
- Debian Security Tracker : cacti
https://security-tracker.debian.org/tracker/CVE-2015-8604
- Cacti 0.8.8f graphs_new.php SQL Injection ≈ Packet Storm
https://packetstormsecurity.com/files/135191/cacti088fgraphs-sql.txt
- DLA 386-1 : cacti security update
https://lists.debian.org/debian-lts-announce/2016/01/msg00009.html
- openSUSE-SU-2016:0438-1 : Security update for cacti
http://lists.opensuse.org/opensuse-updates/2016-02/msg00078.html
- openSUSE-SU-2016:0437-1 : Security update for cacti
http://lists.opensuse.org/opensuse-updates/2016-02/msg00077.html
- openSUSE-SU-2016:0440-1 : Security update for cacti
http://lists.opensuse.org/opensuse-updates/2016-02/msg00080.html
- Cacti : 0.8.8g
http://www.cacti.net/changelog.php
- DSA 3494-1 : cacti security update
https://lists.debian.org/debian-security-announce/2016/msg00064.html
- VuXML : cacti -- multiple vulnerabilities
http://www.vuxml.org/freebsd/db3301be-e01c-11e5-b2bd-002590263bf5.html
     
Vulnerability Manager Detection   No
     
IPS Protection   ASQ Engine alarm (Available Since):
SQL injection Prevention - POST : suspicious UPDATE statement in data (5.0.0)
SQL injection Prevention - POST : suspicious SELECT statement in data (5.0.0)
SQL injection Prevention - POST : suspicious DECLARE statement in data (5.0.0)
SQL injection Prevention - POST : suspicious OPENROWSET statement in data (5.0.0)
SQL injection Prevention - POST : suspicious OPENQUERY statement in data (5.0.0)
SQL injection Prevention - POST : suspicious CAST statement in data (5.0.0)
SQL injection Prevention - POST : suspicious EXEC statement in data (5.0.0)
SQL injection Prevention - POST : suspicious CREATE statement in data (5.0.0)
SQL injection Prevention - POST : suspicious INSERT statement in data (5.0.0)
SQL injection Prevention - POST : suspicious DROP statement in data (5.0.0)
SQL injection Prevention - POST : suspicious HAVING statement in data (5.0.0)
SQL injection Prevention - POST : suspicious UNION statement in data (5.0.0)
SQL injection Prevention - POST : suspicious OR statement in data (5.0.0)
SQL injection Prevention - POST : possible version probing in data (5.0.0)
     


 
 
 
 
Risk level   Moderate

Vulnerability First Public Report Date   2016-01-05

Target Type   Server

Possible exploit   Remote