| ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||
| 0000955 | [Cacti] Security | major | always | 2007-05-22 18:10 | 2008-08-13 00:48 | ||
| Reporter | mat | View Status | public | ||||
| Assigned To | cigamit | ||||||
| Priority | normal | Resolution | fixed | Platform | |||
| Status | closed | OS | |||||
| Projection | none | OS Version | |||||
| ETA | none | Fixed in Version | Product Version | 0.8.6i | |||
| Target Version | Product Build | ||||||
| Summary | 0000955: Possibility to create a denial of service by modifying graph image url | ||||||
| Description |
It is possible for an authenticated user to modify the graph_start and graph_end values and specify much higher numbers than expected in order to make Cacti use all of the server's CPU. For example, if a user modifies a graph URL as seen in the location bar, http://localhost/cacti/graph_image.php?local_graph_id=2&rra_id=0&view_type=tree&graph_start=1164236234&graph_end=1179871034, to this one, http://localhost/cacti/graph_image.php?local_graph_id=2&rra_id=0&view_type=tree&graph_start=1164236234000&graph_end=1179871034000, rrdtool will take 100% of the CPU (for a long time). By doing multiple requests like this, an attacker may create a denial of service situation.
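The weakness described above is that the input validator accepts any numeric value, so a timestamp scaled by 1000 passes straight through to rrdtool. The following PHP is added here as an illustration and is not part of Cacti or of this report: it contrasts a check equivalent to the original numeric-only one with a bounded validation of the start/end pair. The function names, the two limits and the sample request values are assumptions made for the example.

```php
<?php
// Added example, not Cacti's own code: contrasts the original numeric-only
// check with a bounded validation of graph_start/graph_end. Function names,
// limits and the sample requests below are constructed for illustration.

// Mirrors the original check: any numeric string passes, including the
// millisecond-scale values from the report (1164236234000 ...).
function original_is_valid_number($value) {
    return is_numeric($value) || $value == "";
}

// Assumed limits: Unix timestamps in seconds below 10^10 (year 2286),
// and a maximum graph span of ten years.
const MAX_TIMESTAMP = 10000000000;
const MAX_SPAN_SECONDS = 10 * 365 * 86400;

// Returns null when the pair is acceptable, otherwise a reason string.
function validate_graph_range($start, $end) {
    foreach (['graph_start' => $start, 'graph_end' => $end] as $name => $v) {
        // Only plain non-negative integers: no floats, exponents or signs.
        if (!preg_match('/^\d+$/', (string)$v)) {
            return "$name is not a non-negative integer";
        }
        if ($v >= MAX_TIMESTAMP) {
            return "$name exceeds the maximum timestamp";
        }
    }
    if ((int)$end <= (int)$start) {
        return "graph_end must be later than graph_start";
    }
    if ((int)$end - (int)$start > MAX_SPAN_SECONDS) {
        return "requested span is too large";
    }
    return null;
}

// Constructed inputs: the legitimate URL values from the report and the modified ones.
$requests = [
    'original' => ['1164236234', '1179871034'],
    'modified' => ['1164236234000', '1179871034000'],
];
foreach ($requests as $label => [$start, $end]) {
    $orig = (original_is_valid_number($start) && original_is_valid_number($end)) ? 'accepted' : 'rejected';
    $hard = validate_graph_range($start, $end) ?? 'accepted';
    echo "$label: original check $orig; hardened check: $hard\n";
}
```

Both request pairs pass the original check; only the first passes the bounded one, the second being rejected on graph_start before any rrdtool call would be made.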
| Steps To Reproduce | |||||||
| Additional Information |
Proposed solution: Modify the check done in the file lib/html_validate.php (function input_validate_input_number) by adding a second check like this:

36a37,39 > if ($value >= 10000000000) { > die_html_input_error(); > }

So we would have:

```php
function input_validate_input_number($value) {
	if ((!is_numeric($value)) && ($value != "")) {
		die_html_input_error();
	}
	if ($value >= 10000000000) {
		die_html_input_error();
	}
}
```
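Review bot: The added check in the 36a37,39 hunk only bounds the upper side; because the preceding `is_numeric` test accepts signed values, a negative input such as `-1164236234000` passes both conditions and still yields an enormous time range. Suggest `if ($value < 0 || $value >= 10000000000) {` so both directions are rejected. The check also validates each parameter on its own, so nothing ensures graph_end is later than graph_start or caps the span between two individually valid timestamps; that pair check belongs where both values are available rather than in input_validate_input_number. Finally, the literal 10000000000 deserves a named constant or a comment explaining that it is the upper bound for a Unix timestamp in seconds.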
| Tags | No tags attached. | ||||||
| Attached Files | |||||||
| Mantis 1.1.6 Copyright © 2000 - 2008 Mantis Group |