Cacti "tree.php" SQL Injection Vulnerability


Description   A SQL injection vulnerability has been identified in Cacti. A remote attacker could exploit it by using URLs that include specially crafted SQL statements in order to modify or delete entries in some database tables.

The vulnerability is due to improper validation of user-supplied input used in SQL queries in the "parent_id" parameter in the "tree.php" page.

A proof of concept is available.

The cacti packages provided by Debian Wheezy 7 and Jessie 8 are vulnerable.
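A log-side check for the input described above, as an added example that is not part of the advisory or of Cacti's code: it flags requests to tree.php whose parent_id is not a plain integer. The log lines are constructed, and the integer-only rule for parent_id is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request target inside a combined-format access log entry.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Assumption: a legitimate parent_id is a plain non-negative integer.
INTEGER_RE = re.compile(r"\d{1,10}")

# Constructed sample log lines (documentation IP ranges, made-up paths and parameters).
SAMPLE_LOG = '''\
192.0.2.10 - - [08/Mar/2016:10:01:02 +0000] "GET /cacti/tree.php?parent_id=7 HTTP/1.1" 200 5120
198.51.100.23 - - [08/Mar/2016:10:03:19 +0000] "GET /cacti/tree.php?parent_id=7%20OR%201%3D1 HTTP/1.1" 200 5120
203.0.113.5 - - [08/Mar/2016:10:04:40 +0000] "GET /cacti/tree.php?parent_id=3&parent_id=3%252D1 HTTP/1.1" 200 5120
192.0.2.10 - - [08/Mar/2016:10:05:11 +0000] "GET /cacti/graph_view.php?parent_id=abc HTTP/1.1" 200 812
192.0.2.10 - - [08/Mar/2016:10:06:30 +0000] "GET /cacti/tree.php?id=4 HTTP/1.1" 200 5120
'''

def suspicious_parent_ids(log_text):
    """Return (client_ip, decoded_value) for every tree.php request whose
    parent_id is not a plain integer."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not an HTTP request line we understand
        url = urlsplit(match.group("target"))
        if not url.path.lower().endswith("/tree.php"):
            continue  # only the page named in the advisory
        # parse_qs percent-decodes once and keeps repeated parameters, so a
        # benign first parent_id cannot hide a second one; a double-encoded
        # value still contains '%' after decoding and fails the allowlist.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("parent_id", []):
            if not INTEGER_RE.fullmatch(value):
                findings.append((match.group("ip"), value))
    return findings

if __name__ == "__main__":
    for ip, value in suspicious_parent_ids(SAMPLE_LOG):
        print(f"{ip}: non-integer parent_id {value!r}")
```

The check only sees what the web server logs, so parameters sent outside the URL are not covered.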
     
Vulnerable Products   Vulnerable OS:
GNU/Linux (Debian) - 7, 8
openSUSE (SUSE) - 13.2, Leap 42.1
Vulnerable Software:
Cacti (The Cacti Group) - 0.8.8g
     
Solution   Fixed cacti packages for Debian Jessie 8 are available.
     
CVE   CVE-2016-3172
     
References   - Cacti : 0002667: Cacti SQL Injection Vulnerability
http://bugs.cacti.net/view.php?id=2667
- Debian Security Tracker : cacti
https://security-tracker.debian.org/tracker/CVE-2016-3172
- Cacti : Release Notes - 0.8.8h
http://www.cacti.net/release_notes_0_8_8h.php
- openSUSE-SU-2016:1328-1 : Security update for cacti
https://lists.opensuse.org/opensuse-updates/2016-05/msg00074.html
- DLA 560-1 : cacti security update
https://lists.debian.org/debian-lts-announce/2016/07/msg00022.html
- Debian : Updated Debian 8: 8.6 released
https://www.debian.org/News/2016/20160917
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm   Available Since
SQL injection Prevention - GET : suspicious OR statement in URL   3.2.0
SQL injection Prevention - GET : suspicious combination of 'OR' or 'AND' statements in URL   3.2.0
SQL injection Prevention - GET : suspicious CREATE statement in URL   3.2.0
SQL injection Prevention - GET : suspicious CAST statement in URL   3.2.0
SQL injection Prevention - GET : suspicious OPENROWSET statement in URL   3.2.0
SQL injection Prevention - GET : suspicious DECLARE statement in URL   3.2.0
SQL injection Prevention - GET : suspicious OPENQUERY statement in URL   3.2.0
SQL injection Prevention - GET : suspicious shutdown statement in URL   3.2.0
SQL injection Prevention - GET : suspicious UNION SELECT statement in URL   3.2.0
SQL injection Prevention - GET : possible database version probing   3.2.0
SQL injection Prevention - GET : suspicious UPDATE SET statement in URL   3.2.0
SQL injection Prevention - GET : suspicious SELECT statement in URL   3.2.0
SQL injection Prevention - GET : suspicious INSERT statement in URL   3.2.0
SQL injection Prevention - GET : suspicious DROP statement in URL   3.2.0
SQL injection Prevention - GET : suspicious EXEC statement in URL   3.2.0
SQL injection Prevention - GET : block comment delimiters in URL   3.2.0
SQL injection Prevention - GET : suspicious combination of 'select' and 'sleep' statements in URL   5.0.0
SQL injection Prevention - GET : Evasion attempt with CAST and EXEC statements   5.0.0
SQL injection Prevention - GET : Authentication bypass attempt with OR statement   5.0.0
     


 
 
 
 
Risk level   Moderate

Vulnerability First Public Report Date   2016-03-07

Target Type   Server

Possible exploit   Remote