Signature Detail

HTTP: RaXnet Cacti Config_Settings.PHP Remote File Inclusion

This signature detects attempts to exploit a known vulnerability against RaXnet Cacti. A successful attack can lead to arbitrary code execution.

Extended Description

RaXnet Cacti is prone to a remote file include vulnerability. The problem presents itself specifically when an attacker passes the location of a remote attacker-specified script through the 'config_settings.php' script. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.

Affected Products

• Conectiva Linux 10.0.0
• Conectiva Linux 9.0.0
• Debian Linux 3.0.0
• Debian Linux 3.0.0 Alpha
• Debian Linux 3.0.0 Arm
• Debian Linux 3.0.0 Hppa
• Debian Linux 3.0.0 Ia-32
• Debian Linux 3.0.0 Ia-64
• Debian Linux 3.0.0 M68k
• Debian Linux 3.0.0 Mips
• Debian Linux 3.0.0 Mipsel
• Debian Linux 3.0.0 Ppc
• Debian Linux 3.0.0 S/390
• Debian Linux 3.0.0 Sparc
• Debian Linux 3.1.0
• Debian Linux 3.1.0 Alpha
• Debian Linux 3.1.0 Arm
• Debian Linux 3.1.0 Hppa
• Debian Linux 3.1.0 Ia-32
• Debian Linux 3.1.0 Ia-64
• Debian Linux 3.1.0 M68k
• Debian Linux 3.1.0 Mips
• Debian Linux 3.1.0 Mipsel
• Debian Linux 3.1.0 Ppc
• Debian Linux 3.1.0 S/390
• Debian Linux 3.1.0 Sparc
• FreeBSD 4.10.0
• FreeBSD 4.10.0 -RELEASE
• FreeBSD 4.10.0 -RELEASE-P8
• FreeBSD 4.10.0 -RELENG
• FreeBSD 4.11.0 -RELEASE-P3
• FreeBSD 4.11.0 -RELENG
• FreeBSD 4.11.0 -STABLE
• FreeBSD 5.0.0
• FreeBSD 5.0.0 Alpha
• FreeBSD 5.0.0 -RELEASE-P14
• FreeBSD 5.0.0 -RELENG
• FreeBSD 5.1.0
• FreeBSD 5.1.0 -RELEASE
• FreeBSD 5.1.0 -RELEASE/Alpha
• FreeBSD 5.1.0 -RELEASE-P5
• FreeBSD 5.1.0 -RELENG
• FreeBSD 5.2.0
• FreeBSD 5.2.0 -RELEASE
• FreeBSD 5.2.0 -RELENG
• FreeBSD 5.2.1 -RELEASE
• FreeBSD 5.3.0
• FreeBSD 5.3.0 -RELEASE
• FreeBSD 5.3.0 -RELENG
• FreeBSD 5.3.0 -STABLE
• FreeBSD 5.4.0 -PRERELEASE
• FreeBSD 5.4.0 -RELEASE
• FreeBSD 5.4.0 -RELENG
• Gentoo Linux
• Raxnet Cacti 0.5.0
• Raxnet Cacti 0.6.0
• Raxnet Cacti 0.6.1
• Raxnet Cacti 0.6.2
• Raxnet Cacti 0.6.3
• Raxnet Cacti 0.6.4
• Raxnet Cacti 0.6.5
• Raxnet Cacti 0.6.6
• Raxnet Cacti 0.6.7
• Raxnet Cacti 0.6.8
• Raxnet Cacti 0.6.8 a
• Raxnet Cacti 0.8.0
• Raxnet Cacti 0.8.1
• Raxnet Cacti 0.8.2
• Raxnet Cacti 0.8.2 a
• Raxnet Cacti 0.8.3
• Raxnet Cacti 0.8.3 a
• Raxnet Cacti 0.8.4
• Raxnet Cacti 0.8.5
• Raxnet Cacti 0.8.5 a
• Raxnet Cacti 0.8.6
• Raxnet Cacti 0.8.6 a
• Raxnet Cacti 0.8.6 b
• Raxnet Cacti 0.8.6 c
• Raxnet Cacti 0.8.6 d
• Siteframe 3.0.1
• Siteframe 3.0.2
• Siteframe 3.1.0
• Siteframe 3.1.1
• Siteframe 3.1.2
• Siteframe 3.1.4
• Siteframe 3.1.6
• Siteframe 3.1.8 BETA
• Siteframe 3.1.9
• Siteframe 3.2.0 p5
• SuSE Linux Desktop 1.0.0
• SuSE Linux Enterprise Server for S/390 9.0.0
• SuSE Linux Personal 8.2.0
• SuSE Linux Personal 9.0.0
• SuSE Linux Personal 9.0.0 X86 64
• SuSE Linux Personal 9.1.0
• SuSE Linux Personal 9.1.0 X86 64
• SuSE Linux Personal 9.2.0
• SuSE Linux Personal 9.2.0 X86 64
• SuSE Linux Personal 9.3.0
• SuSE Linux Personal 9.3.0 X86 64
• SuSE Linux Professional 8.2.0
• SuSE Linux Professional 9.0.0
• SuSE Linux Professional 9.0.0 X86 64
• SuSE Linux Professional 9.1.0
• SuSE Linux Professional 9.1.0 X86 64
• SuSE Linux Professional 9.2.0
• SuSE Linux Professional 9.2.0 X86 64
• SuSE Linux Professional 9.3.0
• SuSE Linux Professional 9.3.0 X86 64
• SuSE Novell Linux Desktop 9.0.0
• SuSE Open-Enterprise-Server 9.0.0
• SuSE SUSE Linux Enterprise Server 8
• SuSE SUSE Linux Enterprise Server 9
• SuSE SuSE Linux Openexchange Server 4.0.0
• SuSE SUSE LINUX Retail Solution 8.0.0
• SuSE SuSE Linux School Server for i386
• SuSE SuSE Linux Standard Server 8.0.0

References

• BugTraq: 14028
• CVE: CVE-2005-1526
• URL: http://www.idefense.com/application/poi/display?id=266&type=vulnerabilities
• URL: http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0066.html