Vulnerabilities > CVE-2007-3112 - Denial-Of-Service vulnerability in Cacti
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
graph_image.php in Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_start or (2) graph_end parameter, different vectors than CVE-2007-3113. The vendor
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2007-3683.NASL description - Tue Nov 20 2007 Mike McGrath <mmcgrath at redhat.com> - 0.8.7a-1 - Upstream released new version - Fixes for bug #391691 - CVE-2007-6035 - Sat Oct 13 2007 Mike McGrath <mmcgrath at redhat.com> - 0.8.7-2 - Upstream released new version - No longer need to patch for /etc/cacti/* - Fri Sep 14 2007 Mike McGrath <mmcgrath at redhat.com> - 0.8.6j-8 - Fix for CVE-2007-3112 bz#243592 - Sat Sep 8 2007 Mike McGrath <mmcgrath at redhat.com> - 0.8.6j-6 - rebuild Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 28313 published 2007-11-26 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/28313 title Fedora 7 : cacti-0.8.7a-1.fc7 (2007-3683) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2007-3683. # include("compat.inc"); if (description) { script_id(28313); script_version ("1.13"); script_cvs_date("Date: 2019/08/02 13:32:26"); script_cve_id("CVE-2007-6035"); script_xref(name:"FEDORA", value:"2007-3683"); script_name(english:"Fedora 7 : cacti-0.8.7a-1.fc7 (2007-3683)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Tue Nov 20 2007 Mike McGrath <mmcgrath at redhat.com> - 0.8.7a-1 - Upstream released new version - Fixes for bug #391691 - CVE-2007-6035 - Sat Oct 13 2007 Mike McGrath <mmcgrath at redhat.com> - 0.8.7-2 - Upstream released new version - No longer need to patch for /etc/cacti/* - Fri Sep 14 2007 Mike McGrath <mmcgrath at redhat.com> - 0.8.6j-8 - Fix for CVE-2007-3112 bz#243592 - Sat Sep 8 2007 Mike McGrath <mmcgrath at redhat.com> - 0.8.6j-6 - rebuild Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=391991" ); # https://lists.fedoraproject.org/pipermail/package-announce/2007-November/005198.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?06f4d1c5" ); script_set_attribute(attribute:"solution", value:"Update the affected cacti package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_cwe_id(89); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cacti"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7"); script_set_attribute(attribute:"patch_publication_date", value:"2007/11/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/26"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC7", reference:"cacti-0.8.7a-1.fc7")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cacti"); }NASL family Fedora Local Security Checks NASL id FEDORA_2007-2199.NASL description - Fri Sep 14 2007 Mike McGrath <mmcgrath at redhat.com> - 0.8.6j-8 - Fix for CVE-2007-3112 bz#243592 - Sat Sep 8 2007 Mike McGrath <mmcgrath at redhat.com> - 0.8.6j-6 - rebuild Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 27757 published 2007-11-06 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27757 title Fedora 7 : cacti-0.8.6j-8.fc7 (2007-2199) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2007-2199. # include("compat.inc"); if (description) { script_id(27757); script_version ("1.12"); script_cvs_date("Date: 2019/08/02 13:32:25"); script_cve_id("CVE-2007-3112", "CVE-2007-3113"); script_xref(name:"FEDORA", value:"2007-2199"); script_name(english:"Fedora 7 : cacti-0.8.6j-8.fc7 (2007-2199)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Fri Sep 14 2007 Mike McGrath <mmcgrath at redhat.com> - 0.8.6j-8 - Fix for CVE-2007-3112 bz#243592 - Sat Sep 8 2007 Mike McGrath <mmcgrath at redhat.com> - 0.8.6j-6 - rebuild Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=243592" ); # https://lists.fedoraproject.org/pipermail/package-announce/2007-September/003832.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?626cf695" ); script_set_attribute(attribute:"solution", value:"Update the affected cacti package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cacti"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7"); script_set_attribute(attribute:"patch_publication_date", value:"2007/09/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC7", reference:"cacti-0.8.6j-8.fc7")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cacti"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1954.NASL description Several vulnerabilities have been found in cacti, a frontend to rrdtool for monitoring systems and services. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3112, CVE-2007-3113 It was discovered that cacti is prone to a denial of service via the graph_height, graph_width, graph_start and graph_end parameters. This issue only affects the oldstable (etch) version of cacti. - CVE-2009-4032 It was discovered that cacti is prone to several cross-site scripting attacks via different vectors. - CVE-2009-4112 It has been discovered that cacti allows authenticated administrator users to gain access to the host system by executing arbitrary commands via the last seen 2020-06-01 modified 2020-06-02 plugin id 44819 published 2010-02-24 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44819 title Debian DSA-1954-1 : cacti - insufficient input sanitising code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1954. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(44819); script_version("1.11"); script_cvs_date("Date: 2019/08/02 13:32:22"); script_cve_id("CVE-2007-3112", "CVE-2007-3113", "CVE-2009-4032", "CVE-2010-2543"); script_bugtraq_id(37109); script_xref(name:"DSA", value:"1954"); script_name(english:"Debian DSA-1954-1 : cacti - insufficient input sanitising"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities have been found in cacti, a frontend to rrdtool for monitoring systems and services. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3112, CVE-2007-3113 It was discovered that cacti is prone to a denial of service via the graph_height, graph_width, graph_start and graph_end parameters. This issue only affects the oldstable (etch) version of cacti. - CVE-2009-4032 It was discovered that cacti is prone to several cross-site scripting attacks via different vectors. - CVE-2009-4112 It has been discovered that cacti allows authenticated administrator users to gain access to the host system by executing arbitrary commands via the 'Data Input Method' for the 'Linux - Get Memory Usage' setting. There is no fix for this issue at this stage. Upstream will implement a whitelist policy to only allow certain 'safe' commands. For the moment, we recommend that such access is only given to trusted users and that the options 'Data Input' and 'User Administration' are otherwise deactivated." ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429224" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-3112" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-3113" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2009-4032" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2009-4112" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2009/dsa-1954" ); script_set_attribute( attribute:"solution", value: "Upgrade the cacti packages. For the oldstable distribution (etch), these problems have been fixed in version 0.8.6i-3.6. For the stable distribution (lenny), this problem has been fixed in version 0.8.7b-2.1+lenny1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(79); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cacti"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0"); script_set_attribute(attribute:"patch_publication_date", value:"2009/12/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"4.0", prefix:"cacti", reference:"0.8.6i-3.6")) flag++; if (deb_check(release:"5.0", prefix:"cacti", reference:"0.8.7b-2.1+lenny1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
Seebug
| bulletinFamily | exploit |
| description | No description provided by source. |
| id | SSV:15105 |
| last seen | 2017-11-19 |
| modified | 2009-12-17 |
| published | 2009-12-17 |
| reporter | Root |
| source | https://www.seebug.org/vuldb/ssvid-15105 |
| title | New cacti packages fix insufficient input sanitising |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0074.html
- http://bugs.cacti.net/view.php?id=955
- http://fedoranews.org/updates/FEDORA-2007-219.shtml
- http://mdessus.free.fr/?p=15
- http://osvdb.org/37019
- http://secunia.com/advisories/25557
- http://secunia.com/advisories/26872
- http://svn.cacti.net/cgi-bin/viewcvs.cgi/branches/BRANCH_0_8_6/cacti/graph_image.php?rev=3956&r1=3898&r2=3956
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:184
- https://bugzilla.redhat.com/show_bug.cgi?id=243592
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34747