Signature Detail

HTTP: Cacti RDD Local Scripts

This signature detects attempts to exploit a known vulnerability against Cacti RDD. A successful attack can lead to arbitrary code execution.

Extended Description

Cacti is prone to a remote command-execution vulnerability because the application fails to properly sanitize user-supplied input to the 'cmd.php' script. Exploiting this issue allows attackers to execute arbitrary commands in the context of the server. A successful exploit could facilitate the compromise of an affected computer; other attacks are also possible. Cacti 0.8.6i and prior versions are reportedly affected.

Affected Products

• Cacti cacti 0.8.6 F
• Cacti cacti 0.8.6 H
• Cacti cacti 0.8.6I
• Debian linux 3.1.0
• Debian linux 3.1.0 Alpha
• Debian linux 3.1.0 Amd64
• Debian linux 3.1.0 Arm
• Debian linux 3.1.0 Hppa
• Debian linux 3.1.0 Ia-32
• Debian linux 3.1.0 Ia-64
• Debian linux 3.1.0 M68k
• Debian linux 3.1.0 Mips
• Debian linux 3.1.0 Mipsel
• Debian linux 3.1.0 Ppc
• Debian linux 3.1.0 S/390
• Debian linux 3.1.0 Sparc
• Gentoo linux
• Mandriva corporate_server 4.0
• Mandriva corporate_server 4.0.0 X86 64
• Openpkg openpkg 2-Stable-20061018
• Openpkg openpkg Current
• Openpkg openpkg E1.0-Solid
• Openpkg openpkg Stable
• Suse linux_personal 10.0.0 OSS
• Suse linux_personal 10.1
• Suse linux_personal 9.3.0
• Suse linux_personal 9.3.0 X86 64
• Suse linux_professional 10.0.0
• Suse linux_professional 10.0.0 OSS
• Suse linux_professional 9.3.0
• Suse linux_professional 9.3.0 X86 64
• Suse opensuse 10.2

References

• BugTraq: 21799
• CVE: CVE-2006-6799
• URL: http://www.milw0rm.com/exploits/3029
• URL: http://www.cacti.net/release_notes_0_8_6j.php