CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile: 92.9%
Several vulnerabilities have been discovered in cacti, a round-robin database (RRD) tool that helps create graphs from database information. The Common Vulnerabilities and Exposures Project identifies the following problems:
CAN-2005-1524
Maciej Piotr Falkiewicz and an anonymous researcher discovered an input validation bug that allows an attacker to include arbitrary PHP code from remote sites which will allow the execution of arbitrary code on the server running cacti.
CAN-2005-1525
Due to missing input validation cacti allows a remote attacker to insert arbitrary SQL statements.
CAN-2005-1526
Maciej Piotr Falkiewicz discovered an input validation bug that allows an attacker to include arbitrary PHP code from remote sites which will allow the execution of arbitrary code on the server running cacti.
CAN-2005-2148
Stefan Esser discovered that the update for the above mentioned vulnerabilities does not perform proper input validation to protect against common attacks.
CAN-2005-2149
Stefan Esser discovered that the update for CAN-2005-1525 allows remote attackers to modify session information to gain privileges and disable the use of addslashes to protect against SQL injection.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-764. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
  script_id(19258);
  script_version("1.24");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");
  script_cve_id("CVE-2005-1524", "CVE-2005-1525", "CVE-2005-1526", "CVE-2005-2148", "CVE-2005-2149");
  script_xref(name:"DSA", value:"764");
  script_name(english:"Debian DSA-764-1 : cacti - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated package");
  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Several vulnerabilities have been discovered in cacti, a round-robin
database (RRD) tool that helps create graphs from database
information. The Common Vulnerabilities and Exposures Project
identifies the following problems :
- CAN-2005-1524
Maciej Piotr Falkiewicz and an anonymous researcher
discovered an input validation bug that allows an
attacker to include arbitrary PHP code from remote sites
which will allow the execution of arbitrary code on the
server running cacti.
- CAN-2005-1525
Due to missing input validation cacti allows a remote
attacker to insert arbitrary SQL statements.
- CAN-2005-1526
Maciej Piotr Falkiewicz discovered an input validation
bug that allows an attacker to include arbitrary PHP
code from remote sites which will allow the execution of
arbitrary code on the server running cacti.
- CAN-2005-2148
Stefan Esser discovered that the update for the above
mentioned vulnerabilities does not perform proper input
validation to protect against common attacks.
- CAN-2005-2149
Stefan Esser discovered that the update for
CAN-2005-1525 allows remote attackers to modify session
information to gain privileges and disable the use of
addslashes to protect against SQL injection."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=316590"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315703"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2005/dsa-764"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade the cacti package.
For the old stable distribution (woody) these problems have been fixed
in version 0.6.7-2.5.
For the stable distribution (sarge) these problems have been fixed in
version 0.8.6c-7sarge2."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cacti");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");
  script_set_attribute(attribute:"patch_publication_date", value:"2005/07/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/21");
  script_set_attribute(attribute:"vuln_publication_date", value:"2005/06/22");
  script_end_attributes();
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
  exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"3.0", prefix:"cacti", reference:"0.6.7-2.5")) flag++;
if (deb_check(release:"3.1", prefix:"cacti", reference:"0.8.6c-7sarge2")) flag++;
if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
bugs.debian.org/cgi-bin/bugreport.cgi?bug=315703
bugs.debian.org/cgi-bin/bugreport.cgi?bug=316590
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1524
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1525
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1526
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2148
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2149
www.debian.org/security/2005/dsa-764