Bug 181112 - net-analyzer/cacti "graph_image.php" Denial of Service (CVE-2007-3112 CVE-2007-3113)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: http://secunia.com/advisories/25557/
Whiteboard: B3 [noglsa]
Reported: 2007-06-06 18:50 UTC by Lars Hartmann
Modified: 2007-06-25 17:05 UTC
Description Lars Hartmann 2007-06-06 18:50:09 UTC
A vulnerability has been discovered in Cacti, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in graph_image.php, which can be exploited to use lots of system resources by passing malicious values to the "graph_start", "graph_end", "graph_width", and "graph_height" parameters.

The vulnerability is confirmed in version 0.8.6j. Other versions may also be affected.

Solution:
Apply the vendor's official fix:
http://svn.cacti.net/cgi-bin/viewcvs.....php?rev=3956&r1=3898&r2=3956

Provided and/or discovered by:
Mathieu Dessus and the vendor

Original Advisory:
http://mdessus.free.fr/?p=15

Reproducible: Always
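
A log check for the issue described in the report above, added here as an example (it is not code from Cacti, the vendor fix or the reporters): it scans web-server access-log lines for graph_image.php requests whose "graph_start", "graph_end", "graph_width" or "graph_height" values are non-numeric or out of range. The limits, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed limits, not taken from the advisory or the vendor fix; tune per site.
MAX_PIXELS = 3000                # per dimension
MAX_SPAN = 10 * 365 * 86400      # seconds covered by one graph
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
INT_RE = re.compile(r"-?\d{1,18}")
PARAMS = ("graph_start", "graph_end", "graph_width", "graph_height")

def check_request(target):
    """Return the reasons a request target looks abusive (empty list if none)."""
    url = urlsplit(target)
    if not url.path.endswith("/graph_image.php"):
        return []
    query = parse_qs(url.query, keep_blank_values=True)
    reasons, val = [], {}
    for name in PARAMS:
        if name in query:
            raw = query[name][-1]            # PHP keeps the last duplicate
            if INT_RE.fullmatch(raw):
                val[name] = int(raw)
            else:
                reasons.append(f"{name}: not a plain integer")
    for name in ("graph_width", "graph_height"):
        if name in val and not 0 < val[name] <= MAX_PIXELS:
            reasons.append(f"{name}: {val[name]} outside 1..{MAX_PIXELS}")
    start, end = val.get("graph_start"), val.get("graph_end")
    if None not in (start, end) and min(start, end) >= 0 and end - start > MAX_SPAN:
        reasons.append(f"time span of {end - start}s exceeds {MAX_SPAN}s")
    return reasons

def scan_log(lines):
    """Return (client, target, reasons) for each flagged access-log line."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        reasons = check_request(m.group(1)) if m else []
        if reasons:
            hits.append((line.split(" ", 1)[0], m.group(1), reasons))
    return hits

# Constructed sample lines using documentation addresses, not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Jun/2007:18:50:09 +0000] "GET /cacti/graph_image.php?graph_start=1181068800&graph_end=1181155200&graph_width=500&graph_height=120 HTTP/1.1" 200 9120',
    '198.51.100.7 - - [06/Jun/2007:18:51:00 +0000] "GET /cacti/graph_image.php?graph_start=0&graph_end=1181155200&graph_width=99999&graph_height=120 HTTP/1.1" 200 0',
    '198.51.100.7 - - [06/Jun/2007:18:51:02 +0000] "GET /cacti/graph_image.php?graph_width=5e9 HTTP/1.1" 200 0',
]
```

Calling scan_log(SAMPLE_LOG) flags the two requests from 198.51.100.7 and leaves the ordinary graph request alone.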
Comment 1 Lars Hartmann 2007-06-06 18:52:08 UTC
maintainers - please advise and patch as necessary
Comment 2 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-06-06 19:40:52 UTC
-r5 bumped with the patch
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-06-06 20:04:01 UTC
Arches please test and mark stable. Target keywords are:

cacti-0.8.6j-r5.ebuild:KEYWORDS="alpha ~amd64 ~hppa ppc ppc64 sparc x86"
Comment 4 Gustavo Zacarias (RETIRED) gentoo-dev 2007-06-06 20:48:20 UTC
sparc stable.
Comment 5 Peter Volkov (RETIRED) gentoo-dev 2007-06-07 10:34:04 UTC
Arch teams: It's better to stabilize cacti-0.8.6j-r6.ebuild as it contains a new patch from upstream which fixes snmp walk functionality: http://www.cacti.net/download_patches.php. I do not think it's worth giving that patch any approbation period... Of course that's up to you, but then I'll find you in another bug very soon :)
Comment 6 Christian Faulhammer (RETIRED) gentoo-dev 2007-06-07 11:50:51 UTC
(In reply to comment #5)
> Arch teams: It's better to stabilize cacti-0.8.6j-r6.ebuild as it contains new
> patch from upstream which fixes snmp walk functionality:
 
GRRR...just when I finished testing -r5.

x86 stable, adding back sparc, maybe they are interested, too
Comment 7 Gustavo Zacarias (RETIRED) gentoo-dev 2007-06-07 13:47:50 UTC
Thanks Christian, sparc stable too.
Comment 8 Markus Rothe (RETIRED) gentoo-dev 2007-06-07 13:56:37 UTC
ppc64 stable
Comment 9 Raúl Porcel (RETIRED) gentoo-dev 2007-06-08 13:10:40 UTC
alpha stable
Comment 10 Lars Hartmann 2007-06-08 21:34:44 UTC
new target ebuild: cacti-0.8.6j-r6.ebuild:KEYWORDS="alpha ~amd64 ~hppa ppc ppc64 sparc x86"

Comment 11 Tobias Scherbaum (RETIRED) gentoo-dev 2007-06-09 16:00:01 UTC
ppc stable, readd ppc64@g.o
Comment 12 Markus Rothe (RETIRED) gentoo-dev 2007-06-09 16:11:24 UTC
nah.. I did it wrong ^^

now -r6 stable on ppc64.
Comment 13 Lars Hartmann 2007-06-11 19:34:58 UTC
thanks arches for testing and maintainer for providing the ebuild

This ebuild is ready for glsa decision
Comment 14 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-06-11 19:42:52 UTC
I tend to vote yes. btw, CVE ids are CVE-2007-3112 and CVE-2007-3113
Comment 15 Lars Hartmann 2007-06-12 16:03:31 UTC
fixed that - thanks for the hint.
Comment 16 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-06-13 18:57:49 UTC
I tend to vote NO.
Comment 17 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-06-25 17:05:47 UTC
No too, and I think it is not really a vulnerability, I can consume CPU too by pressing "F5". Closing, feel free to reopen if you disagree.