No answer yet... Does anyone know what's going on at the security team? Gunther
-----Ursprüngliche Nachricht----- Von: Gunther Stammwitz [mailto:[EMAIL PROTECTED] Gesendet: Sonntag, 10. Juli 2005 01:45 An: '[EMAIL PROTECTED]' Betreff: critical bug in cacti Wichtigkeit: Hoch -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, there seems to be a bug in cacti in the stable/SARGE-distribution that is security critical. one of my servers has already been exploited. See www.cacti.net: friday, july 1st, 2005 - 07:46 pm Cacti version 0.8.6f <http://www.cacti.net/download_cacti.php> has been released to address multiple security vulnerabilities discovered by the Hardened-PHP <http://www.hardened-php.net/> Project. It is recommended that all users upgrade immediately as the 'admin' account could be compromised under certain situations. See the downloads page for the files and the release notes <http://www.cacti.net/release_notes_0_8_6f.php> for further information regarding the disclosures and patches. Please provide new packages and a security announcement. Placinc a .htaccess-file in front of cacti should help. Best regards, Gunther -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (MingW32) - WinPT 0.9.12 iD8DBQFC0GFoF7nMBgB7z7wRAn3mAJ9HP0A669kvdxouekYnyMdCS6R+2ACfexiE ilCOGCWorN5SO6Wt7yg3jQA= =S6um -----END PGP SIGNATURE-----