tags 340829 unreproducible security moreinfo notfound 340829 0.8.6f-1 thanks
hi ulrich, On Sat, Nov 26, 2005 at 09:31:38AM +0100, Ulrich Huber wrote: > Package: Cacti > Version; 0.8.6c-7 > > According to the Cacti-Doku an a Forum Entry, there is a security hole (and > yes, it already happend to me on one of my machines...), which still exists > on the debian Version, but seems to be fixed in a newer Cacti-Release. So > please include the patch... could you provide a link to the forum entry? as far as i know the three related security holes are fixed in 0.8.6c-7sarge2, which was uploaded to sarge's security updates branch some time ago. are you sure you're running 0.8.6c-7 and not 0.8.6c-7sarge2? if so, i think that's the problem (and i'm hoping so...). > http://bugs.cacti.net/view.php?id=623 will tell you about the bug and the > way intruders are exploiting it. again, afaict the fixes have already been included. if it is still exploitable, could you send me some example log entry from your your web servers' access logs, so i can reproduce this myself? thanks, sean
signature.asc
Description: Digital signature