Vigil@nce: Cacti, command execution
April 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An authenticated attacker can use malicious names, in order to
force Cacti to execute shell commands.
– Severity: 2/4
– Creation date: 23/04/2010
DESCRIPTION OF THE VULNERABILITY
The web interface of Cacti is used to assign names to objects.
These names are then used, for example, in Unix command lines.
However, shell metacharacters are not filtered. Part of the
object name thus becomes a command run with Cacti privileges.
An authenticated attacker can therefore use malicious names, in
order to force Cacti to execute shell commands.
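The flaw described above is the general "name interpolated into a shell command line" pattern. The following Python snippet is an added illustration, not code from Cacti or from the Vigil@nce bulletin: it places the vulnerable string-building pattern next to two hardened forms (an allowlist check plus argv construction, and shell quoting) and shows how a reviewer can audit stored names for metacharacters. The `rrdtool` command and the `/var/lib/cacti/rra/` path are assumptions chosen only to make the example concrete; the sample names are constructed.

```python
import re
import shlex

# Constructed sample object names (not taken from the bulletin).
SAMPLE_NAMES = ["router-core-01", "host; id", "host$(id)"]

# Characters that a POSIX shell treats specially when it parses a command line.
SHELL_METACHARS = set(";&|`$()<>\n\"'\\ *?")

# Allowlist for an object name: letters, digits, dot, underscore, dash.
NAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")

# Assumed tool and data directory; Cacti's real paths may differ.
TOOL = "rrdtool"
RRA_DIR = "/var/lib/cacti/rra"


def found_metachars(name: str) -> list:
    """Return the sorted list of shell metacharacters present in a name."""
    return sorted(set(name) & SHELL_METACHARS)


def is_safe_name(name: str) -> bool:
    """True only if the whole name matches the allowlist."""
    return NAME_RE.fullmatch(name) is not None


def build_unsafe_command(name: str) -> str:
    """The vulnerable pattern: the name is interpolated into one string that
    is later handed to a shell, so metacharacters in it are honoured."""
    return f"{TOOL} info {RRA_DIR}/{name}.rrd"


def build_safe_command(name: str) -> list:
    """Hardened form 1: reject anything outside the allowlist, then build an
    argv list so no shell ever parses the name."""
    if not is_safe_name(name):
        raise ValueError(f"rejected object name: {name!r}")
    return [TOOL, "info", f"{RRA_DIR}/{name}.rrd"]


def build_quoted_command(name: str) -> str:
    """Hardened form 2: if a shell string is unavoidable, quote the
    user-controlled part so the shell sees it as a single word."""
    return f"{TOOL} info {shlex.quote(f'{RRA_DIR}/{name}.rrd')}"


def audit_names(names) -> dict:
    """Defender-side check: map each suspicious stored name to the
    metacharacters it contains, so existing data can be reviewed."""
    return {n: found_metachars(n) for n in names if found_metachars(n)}


if __name__ == "__main__":
    for n in SAMPLE_NAMES:
        print(f"{n!r}: safe={is_safe_name(n)} metachars={found_metachars(n)}")
        # shlex.split shows how a shell would tokenise each form.
        print("  unsafe ->", shlex.split(build_unsafe_command(n)))
        print("  quoted ->", shlex.split(build_quoted_command(n)))
```

The allowlist is the primary control: it keeps a name from ever reaching a shell parser with special meaning. Quoting with `shlex.quote` is the fallback for code paths that must pass a single string, and `audit_names` is the check to run over names already stored in the database after patching, since the bulletin concerns names set through the web interface before the fix.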
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cacti-command-execution-9609