Vulnerability CVE-2010-1431 - CERT Civis.Net

Vulnerability Name:

CVE-2010-1431 (CCN-58053)

Assigned:

2010-04-22

Published:

2010-04-22

Updated:

2012-02-16

Summary:

SQL injection vulnerability in templates_export.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the export_item_id parameter.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:TF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:TF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Data Manipulation

References:

Source: CONFIRM
Type: Patch
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578909

Source: MITRE
Type: CNA
CVE-2010-1431

Source: SUSE
Type: UNKNOWN
SUSE-SR:2010:011

Source: FULLDISC
Type: UNKNOWN
20100421 Bonsai Information Security - SQL Injection in Cacti <= 0.8.7e

Source: CCN
Type: SA39568
Cacti export_item_id SQL Injection Vulnerability

Source: SECUNIA
Type: Vendor Advisory
39568

Source: SECUNIA
Type: Vendor Advisory
39572

Source: CCN
Type: SA41041
Red Hat High Performance Computing (HPC) Solution Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
41041

Source: CONFIRM
Type: Patch
http://www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_export.patch

Source: CCN
Type: Cacti Web site
Cacti

Source: DEBIAN
Type: UNKNOWN
DSA-2039

Source: DEBIAN
Type: DSA-2039
cacti -- missing input sanitising

Source: MISC
Type: UNKNOWN
http://www.exploit-db.com/sploits/Bonsai-SQL_Injection_in_Cacti.pdf

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2010:092

Source: CCN
Type: OSVDB ID: 63967
Cacti templates_export.php export_item_id Parameter SQL Injection

Source: BID
Type: UNKNOWN
39653

Source: CCN
Type: BID-39653
Cacti 'export_item_id' Parameter SQL Injection Vulnerability

Source: CCN
Type: BID-42575
Cacti Cross Site Scripting and HTML Injection Vulnerabilities

Source: VUPEN
Type: Vendor Advisory
ADV-2010-0986

Source: VUPEN
Type: UNKNOWN
ADV-2010-1107

Source: VUPEN
Type: UNKNOWN
ADV-2010-2132

Source: XF
Type: UNKNOWN
cacti-templates-sql-injection(58053)

Source: REDHAT
Type: UNKNOWN
RHSA-2010:0635

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [04-22-2010]

Source: SUSE
Type: SUSE-SR:2010:011
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:cacti:cacti:0.5:-:*:*:*:*:*:*

OR cpe:/a:cacti:cacti:0.6:*:*:*:*:*:*:*

OR cpe:/a:cacti:cacti:0.6.1:*:*:*:*:*:*:*

OR cpe:/a:cacti:cacti:0.6.2:*:*:*:*:*:*:*

OR cpe:/a:cacti:cacti:0.6.3:*:*:*:*:*:*:*

OR cpe:/a:cacti:cacti:0.6.4:*:*:*:*:*:*:*

OR cpe:/a:cacti:cacti:0.6.5:*:*:*:*:*:*:*

OR cpe:/a:cacti:cacti:0.6.6:*:*:*:*:*:*:*

OR cpe:/a:cacti:cacti:0.6.7:*:*:*:*:*:*:*

OR cpe:/a:cacti:cacti:0.6.8:*:*:*:*:*:*:*

OR cpe:/a:cacti:cacti:0.6.8a:*:*:*:*:*:*:*

OR cpe:/a:cacti:cacti:0.8:*:*:*:*:*:*:*

OR cpe:/a:cacti:cacti:0.8.1:*:*:*:*:*:*:*

OR cpe:/a:cacti:cacti:0.8.2:*:*:*:*:*:*:*

OR cpe:/a:cacti:cacti:0.8.2a:*:*:*:*:*:*:*

OR cpe:/a:cacti:cacti:0.8.3:*:*:*:*:*:*:*

OR cpe:/a:cacti:cacti:0.8.3a:*:*:*:*:*:*:*

OR cpe:/a:cacti:cacti:0.8.4:*:*:*:*:*:*:*

OR cpe:/a:cacti:cacti:0.8.5:*:*:*:*:*:*:*

OR cpe:/a:cacti:cacti:0.8.5a:*:*:*:*:*:*:*

OR cpe:/a:cacti:cacti:0.8.6:*:*:*:*:*:*:*

OR cpe:/a:cacti:cacti:0.8.6a:*:*:*:*:*:*:*

OR cpe:/a:cacti:cacti:0.8.6b:*:*:*:*:*:*:*

OR cpe:/a:cacti:cacti:0.8.6c:*:*:*:*:*:*:*

OR cpe:/a:cacti:cacti:0.8.6d:*:*:*:*:*:*:*

OR cpe:/a:cacti:cacti:0.8.6f:*:*:*:*:*:*:*

OR cpe:/a:cacti:cacti:0.8.6g:*:*:*:*:*:*:*

OR cpe:/a:cacti:cacti:0.8.6h:*:*:*:*:*:*:*

OR cpe:/a:cacti:cacti:0.8.6i:*:*:*:*:*:*:*

OR cpe:/a:cacti:cacti:0.8.6j:*:*:*:*:*:*:*

OR cpe:/a:cacti:cacti:0.8.6k:*:*:*:*:*:*:*

OR cpe:/a:cacti:cacti:0.8.7:*:*:*:*:*:*:*

OR cpe:/a:cacti:cacti:0.8.7a:*:*:*:*:*:*:*

OR cpe:/a:cacti:cacti:0.8.7b:*:*:*:*:*:*:*

OR cpe:/a:cacti:cacti:0.8.7c:*:*:*:*:*:*:*

OR cpe:/a:cacti:cacti:0.8.7d:*:*:*:*:*:*:*

OR cpe:/a:cacti:cacti:*:*:*:*:*:*:*:* (Version <= 0.8.7e)

Configuration CCN 1:

cpe:/a:cacti:cacti:0.8.7e:*:*:*:*:*:*:*

AND

cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*

OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:enterprise_server:5:*:*:*:*:*:*:*

OR cpe:/o:mandriva:enterprise_server:5:*:*:*:x86_64:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20101431	V	CVE-2010-1431	2015-11-16