An authenticated Cacti user can modify the graph_start and graph_end parameter values in the URL and supply far larger numbers than expected, which makes Cacti consume all of the server's CPU.
For example, if a user modifies a graph URL as seen in the location bar:


to this one:


rrdtool will take 100% of the CPU for a long time. By issuing several such requests, an attacker can cause a denial of service on the server running Cacti.

Proposed patch:

Modify the check in lib/html_validate.php (function input_validate_input_number in the current Cacti version) by adding a second check like this:

>        if ($value >= 10000000000) {
>              die_html_input_error();
>        }

So we would have:

function input_validate_input_number($value) {
  /* existing check: anything that is not numeric (except the empty string) is an error */
  if ((!is_numeric($value)) && ($value != "")) {
    die_html_input_error();
  }
  /* new check: refuse values so large that rrdtool would spin on them */
  if ($value >= 10000000000) {
    die_html_input_error();
  }
}
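As an added example (not code from this post or from the Cacti project), the following stand-alone PHP script implements the same two checks as the hardened function above and runs them against constructed graph_start / graph_end values, including the edge cases a reviewer would want to see: the empty string, scientific notation, the exact bound, and a large negative value. The boolean return value (instead of die_html_input_error()), the constant name, and the extra lower bound are assumptions made for this example.

```php
<?php
// Added example, not Cacti's code: a stand-alone version of the proposed
// input_validate_input_number() check, exercised against constructed inputs.

// Bound proposed in the post (seconds since the epoch). On 32-bit PHP builds
// this literal does not fit an int and becomes a float; comparisons still work.
const MAX_GRAPH_TIME = 10000000000;

/**
 * Return true when $value is acceptable as a graph_start/graph_end parameter.
 * Mirrors the structure of the proposed patch: non-numeric input is rejected
 * first, then values too large for rrdtool to render in reasonable time.
 * (Assumption for this example: a boolean result instead of die_html_input_error().)
 */
function validate_graph_time($value) {
    // Original Cacti check: anything non-numeric, except the empty string, is an error.
    if ((!is_numeric($value)) && ($value != "")) {
        return false;
    }
    // Proposed second check: refuse absurdly large timestamps.
    // PHP compares numeric strings numerically, so "1e15" is caught as well.
    if ($value >= MAX_GRAPH_TIME) {
        return false;
    }
    // Assumption for this example: also refuse absurdly large negative values,
    // which the check as proposed in the post does not bound.
    if ($value != "" && $value <= -MAX_GRAPH_TIME) {
        return false;
    }
    return true;
}

// Constructed sample inputs: [parameter value as it arrives in $_GET, expected verdict]
$samples = array(
    array("1180000000",   true),   // an ordinary timestamp from mid-2007
    array("",             true),   // empty is accepted by the original check
    array("abc",          false),  // non-numeric
    array("10000000000",  false),  // exactly the bound
    array("99999999999",  false),  // far too large: rrdtool would spin on this
    array("1e15",         false),  // scientific notation is numeric in PHP
    array("-99999999999", false),  // large negative (extra check in this example only)
);

foreach ($samples as list($value, $expected)) {
    $ok = validate_graph_time($value);
    printf("%-15s => %-6s %s\n", var_export($value, true),
           $ok ? "ok" : "reject", $ok === $expected ? "" : "(UNEXPECTED)");
}
```

Run it with `php validate_graph_time.php`; every line should print without "(UNEXPECTED)". The first check must stay ahead of the numeric comparison: on PHP 8 a non-numeric string compared with an integer is compared as a string, so a bound check alone would not reject values such as "abc".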

I posted this bug in the Cacti bugtracker more than one week ago. It is referenced as CVE-2007-3112.

June 2, 2007, 12:17 pm
