Juniper Networks
Signature Detail

Security Intelligence Center

Short Name

HTTP:PHP:CACTI-RRD-AUTH-BYPASS

Severity

Medium

Recommended

No

Category

HTTP

Keywords

Cacti RRD Authentication Bypass

Release Date

2005/07/27

Update Number

1213

Supported Platforms

idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Cacti RRD Authentication Bypass

This signature detects attempts to exploit a known vulnerability in Cacti, the web front end for the Round Robin Database (RRD) Tool. Successful exploitation can allow an attacker to escalate privileges through the web application interface.

Extended Description

A design error affecting RaXnet Cacti can allow an attacker to prevent the 'session_start()' and 'addslashes()' functions from being called. The affected 'session_start()' and 'addslashes()' calls are nested inside an 'if' control statement whose condition depends on an attacker-controlled value. Reports indicate that this value may be controlled through a URI parameter when 'register_globals' is enabled. A remote attacker may exploit these issues to gain administrative access to the affected software.
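The control-flow shape described above, as an added illustration that is not Cacti's own code (the real affected code and its fix are in the advisory and patch listed under References): a hypothetical initialization routine in which session setup and input escaping sit inside an 'if' that depends on a request-controllable variable, beside a hardened form and a deployment check for 'register_globals'. The names '$guest_mode', 'vulnerable_init()', 'hardened_init()', 'lookup_user()' and the 'users' table are assumptions made for the example.

```php
<?php
// Added illustration, not Cacti's own code. $guest_mode, the function names
// and the table name are hypothetical; the shape of the bug is what the
// advisory describes: session_start() and addslashes() only run when an
// 'if' on a request-controllable value allows it.

// Vulnerable shape: with register_globals=On, an uninitialised $guest_mode is
// populated from the query string, so the request decides whether the
// session and the escaping of input ever happen.
function vulnerable_init(): bool
{
    global $guest_mode;            // never initialised by the application
    if (empty($guest_mode)) {      // request-influenced under register_globals
        session_start();
        foreach ($_GET as $k => $v) {
            if (is_string($v)) {
                $_GET[$k] = addslashes($v);
            }
        }
        return true;               // protections applied
    }
    return false;                  // protections silently skipped
}

// Hardened shape: the session is always started, request data is read only
// from superglobals (so register_globals cannot inject variables), and no
// authorisation decision is taken before the session exists.
function hardened_init(): int
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();           // unconditional, not inside any 'if'
    }
    // Validate instead of trusting: non-integer or absent values become 0.
    $guest_mode = filter_input(INPUT_GET, 'guest_mode', FILTER_VALIDATE_INT);
    return $guest_mode === false || $guest_mode === null ? 0 : (int) $guest_mode;
}

// Escaping belongs at the database boundary (a prepared statement), not in a
// global rewrite of the request that a code path may skip.
function lookup_user(PDO $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Deployment check: register_globals must be Off. The directive was removed
// in PHP 5.4, so ini_get() returns false on modern interpreters; on older
// ones it returns "1" or "On" when enabled.
function register_globals_is_off(): bool
{
    $v = ini_get('register_globals');
    return $v === false || $v === '' || $v === '0' || strtolower((string) $v) === 'off';
}
```

The hardened form removes the attacker's influence over whether protective code runs rather than trying to sanitise the value that controls it; the 'register_globals_is_off()' check is the configuration-level mitigation the description implies for hosts that cannot be patched immediately.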

Affected Products

  • Conectiva Linux 10.0.0
  • Conectiva Linux 9.0.0
  • Raxnet Cacti 0.5.0
  • Raxnet Cacti 0.6.0
  • Raxnet Cacti 0.6.1
  • Raxnet Cacti 0.6.2
  • Raxnet Cacti 0.6.3
  • Raxnet Cacti 0.6.4
  • Raxnet Cacti 0.6.5
  • Raxnet Cacti 0.6.6
  • Raxnet Cacti 0.6.7
  • Raxnet Cacti 0.6.8
  • Raxnet Cacti 0.6.8a
  • Raxnet Cacti 0.8.0
  • Raxnet Cacti 0.8.1
  • Raxnet Cacti 0.8.2
  • Raxnet Cacti 0.8.2a
  • Raxnet Cacti 0.8.3
  • Raxnet Cacti 0.8.3a
  • Raxnet Cacti 0.8.4
  • Raxnet Cacti 0.8.5
  • Raxnet Cacti 0.8.5a
  • Raxnet Cacti 0.8.6
  • Raxnet Cacti 0.8.6a
  • Raxnet Cacti 0.8.6b
  • Raxnet Cacti 0.8.6c
  • Raxnet Cacti 0.8.6d
  • Raxnet Cacti 0.8.6e

References

  • BugTraq: 14130
  • CVE: CVE-2005-2149
  • URL: http://www.hardened-php.net/advisory-052005.php
  • URL: http://www.cacti.net/downloads/patches/0.8.6e/cacti-0.8.6f_security.patch

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.