Fixes: * XSS vulnerabilities * Path disclosure vulnerabilities * SQL injection vulnerabilities * HTTP response splitting vulnerabilities bug#0000855: Unnecessary (and faulty) DEF generation for CF:AVERAGE bug#0001083: Small visual fix for Cacti in 'View Cacti Log File' bug#0001089: Graph xport modification to increase default rows output bug#0001091: Poller incorrectly identifies unique hosts bug#0001093:
CLI Scripts bring MySQL down on large installations bug#0001094:
Filtering broken on Data Sources page bug#0001103: Fix looping poller recache events bug#0001107: ss_fping.php 100% 'Pkt Loss' does not work properly bug#0001114: Graphs with no template and/or no host cause filtering errors on Graph Management page bug#0001115: View Poller Cache does not show Data Sources that have no host bug#0001118: Graph Generation fails if e.g. ifDescr contains some blanks bug#0001132:
TCP/UDP ping port ignored bug#0001133: Downed Device Detection: None leads to database errors bug#0001134: update_host_status handles ping_availability incorrectly bug#0001143: 'U' not allowed as min/max RRD value bug#0001158: Deleted user causes error on user log viewer bug#0001161: Re-assign duplicate radio button IDs bug#0001164: Add HTML title attributes for certain pages bug#0001168:
ALL_DATA_SOURCES_NODUPS includes DUPs? SIMILAR_DATA_SOURCES_DUPS is available again bug: Cacti does not guarentee RRA consolidation functions exist in RRA's bug: Alert on changing logarithmic scaling removed bug: add_hosts.php did not accept privacy protocol security:
Fix several security vulnerabilities feature: show basic RRDtool graph options on Graph Template edit feature: Add additional logging to Graph Xport feature: Add rows dropdown to devices, graphs and data sources feature: Add device_id and event count to devices feature: Add ids to devices, graphs and data sources pages feature: Add database repair utility

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-200803-18 (Cacti: Multiple vulnerabilities)

    The following inputs are not properly sanitized before being processed:
    'view_type' parameter in the file graph.php, 'filter' parameter     in the file graph_view.php, 'action' and 'login_username' parameters in     the file index.php (CVE-2008-0783).
    'local_graph_id' parameter in the file graph.php     (CVE-2008-0784).
    'graph_list' parameter in the file graph_view.php, 'leaf_id' and     'id' parameters in the file tree.php, 'local_graph_id' in the file     graph_xport.php (CVE-2008-0785).
    Furthermore, CRLF injection attack are possible via unspecified vectors     (CVE-2008-0786).
  Impact :

    A remote attacker could exploit these vulnerabilities, leading to path     disclosure, Cross-Site Scripting attacks, SQL injection, and HTTP     response splitting.
  Workaround :

    There is no known workaround at this time.

- XSS vulnerabilities * Path disclosure vulnerabilities *     SQL injection vulnerabilities * HTTP response splitting     vulnerabilities bug#0000855: Unnecessary (and faulty)     DEF generation for CF:AVERAGE bug#0001083: Small visual     fix for Cacti in 'View Cacti Log File' bug#0001089:
    Graph xport modification to increase default rows output     bug#0001091: Poller incorrectly identifies unique hosts     bug#0001093: CLI Scripts bring MySQL down on large     installations bug#0001094: Filtering broken on Data     Sources page bug#0001103: Fix looping poller recache     events bug#0001107: ss_fping.php 100% 'Pkt Loss' does     not work properly bug#0001114: Graphs with no template     and/or no host cause filtering errors on Graph     Management page bug#0001115: View Poller Cache does not     show Data Sources that have no host bug#0001118: Graph     Generation fails if e.g. ifDescr contains some blanks     bug#0001132: TCP/UDP ping port ignored bug#0001133:
    Downed Device Detection: None leads to database errors     bug#0001134: update_host_status handles     ping_availability incorrectly bug#0001143: 'U' not     allowed as min/max RRD value bug#0001158: Deleted user     causes error on user log viewer bug#0001161: Re-assign     duplicate radio button IDs bug#0001164: Add HTML title     attributes for certain pages bug#0001168:
    ALL_DATA_SOURCES_NODUPS includes DUPs?     SIMILAR_DATA_SOURCES_DUPS is available again bug: Cacti     does not guarentee RRA consolidation functions exist in     RRA's bug: Alert on changing logarithmic scaling removed     bug: add_hosts.php did not accept privacy protocol     security: Fix several security vulnerabilities feature:
    show basic RRDtool graph options on Graph Template edit     feature: Add additional logging to Graph Xport feature:
    Add rows dropdown to devices, graphs and data sources     feature: Add device_id and event count to devices     feature: Add ids to devices, graphs and data sources     pages feature: Add database repair utility

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

リモートホストは、ネットワークグラフ作成用のRRDToolのWebベースフロントエンドのCactiを実行しています。

リモートホストにインストールされているCactiのバージョンは、データベースクエリを実行するために「auth_login.php」スクリプトで使用される前に、「login_username」パラメーターに対するユーザー入力のサニタイズに失敗します。PHP の「magic_quotes_gpc」設定に関係なく、攻撃者が、この問題を悪用して、データベースクエリを操作することで、機密情報を漏洩したり、認証をバイパスしたり、基礎となるデータベースを攻撃したりする可能性があります。

他にも、このCactiのバージョンに関連付けられた脆弱性があることが報告されていますが、Nessusではそれらを確認していないことに注意してください。

It was discovered that Cacti, a systems and services monitoring frontend, performed insufficient input sanitising, leading to cross site scripting and SQL injection being possible.

The remote host is running Cacti, a web-based front-end to RRDTool for network graphing.

The version of Cacti installed on the remote host fails to sanitize user input to the 'login_username' parameter before using it in the 'auth_login.php' script to perform database queries.  Regardless of PHP's 'magic_quotes_gpc' setting, an attacker may be able to exploit this issue to manipulate database queries to disclose sensitive information, bypass authentication, or even attack the underlying database.

Note that there are also reportedly several other vulnerabilities associated with this version of Cacti, although Nessus has not checked for them.

遠端主機正在執行 Cacti，這是一個用於網路繪圖 RRDTool 的 Web 前端。

遠端主機上安裝的 Cacti 版本無法清理 'login_username' 參數的使用者輸入內容，便將其用於在 'auth_login.php' 指令碼中執行資料庫查詢。無論 PHP 的 'magic_quotes_gpc' 設定為何，攻擊者或可利用此問題操控資料庫查詢，進而洩漏敏感資訊、繞過驗證，甚至會攻擊基礎資料庫。

請注意，據報此 Cacti 版本還有其他一些弱點，但 Nessus 尚未檢查這些弱點。

ID	名稱	產品	系列	已發布	已更新	嚴重性
31104	Fedora 8 : cacti-0.8.7b-1.fc8 (2008-1699)	Nessus	Fedora Local Security Checks	2008/2/18	2021/1/11	high
31444	GLSA-200803-18 : Cacti: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	2008/3/13	2021/1/6	high
31107	Fedora 7 : cacti-0.8.7b-1.fc7 (2008-1737)	Nessus	Fedora Local Security Checks	2008/2/18	2021/1/11	high
31048	Cacti index.php/sql.php Login Action login_usernameパラメーターのSQLインジェクション	Nessus	CGI abuses	2008/2/13	2024/9/24	high
32143	Debian DSA-1569-2 : cacti - insufficient input sanitising	Nessus	Debian Local Security Checks	2008/5/9	2021/1/4	high
31048	Cacti index.php/sql.php Login Action login_username Parameter SQL Injection	Nessus	CGI abuses	2008/2/13	2024/9/24	high
31048	Cacti index.php/sql.php Login Action login_username 參數 SQL 插入	Nessus	CGI abuses	2008/2/13	2024/9/24	high

偵測

搜尋 Plugin

high

high

high

high

high

high

high