-Roberto
--On October 7, 2010 2:02:46 PM +0100 Ton Voon <[email protected]> wrote:
On 7 Oct 2010, at 07:13, aero wrote:

My company's security team found a security flaw in opsview, even for 3.9.0.

Someone can execute a shell command via URL
(ex. http://opsviewurl/cgi-nmis/admin.pl?admin=ping&node=10.10.10.10 | ls -l )

Hi Kang,

Thanks for the report. The patch is here:

https://secure.opsera.com/wsvn/wsvn/opsview?op=comp&compare[]=%2ftr...@5159&compare[]=%2ftr...@5160

You are already on our contributor's list:

http://opsview.com/community/developer-zone/contributors

Unless you want me to change it to your full name?

Ton
--
--------------------------------
Roberto R. Morelli
[email protected]
Energy Sciences Network
Lawrence Berkeley National Lab.
510-486-7255
PGP Key Fingerprint: F49F 1186 0E2B F591 1BF7 0538 79AA F8C7 7E8B 4562
_______________________________________________ Opsview-users mailing list [email protected] http://lists.opsview.org/lists/listinfo/opsview-users
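
A flaw of the kind reported above, where a CGI parameter reaches a shell, is usually closed by validating the value and running the command without a shell. The Perl sketch below is an added illustration, not the Opsview patch or NMIS code; the names `valid_node` and `ping_node` and the `ping -c 3` invocation (a Unix ping) are assumptions.

```perl
#!/usr/bin/perl
# Added example (not Opsview/NMIS code): validate a host parameter, then
# run ping without a shell so metacharacters are never interpreted.
use strict;
use warnings;

# Accept only a dotted-quad IPv4 address or an RFC 1123 style hostname.
# \A and \z anchor the whole string, so a trailing newline or any
# appended text fails the match.
sub valid_node {
    my ($node) = @_;
    return 0 unless defined $node && length($node) <= 253;
    if ($node =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/) {
        # Each octet must be in the range 0..255.
        return (grep { $_ > 255 } $1, $2, $3, $4) ? 0 : 1;
    }
    # Labels start and end with an alphanumeric, so a value can never
    # begin with a hyphen and be read by ping as an option.
    my $label = qr/[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?/;
    return $node =~ /\A$label(?:\.$label)*\z/ ? 1 : 0;
}

# List-form open forks and execs ping directly with an argument vector;
# no /bin/sh ever parses the value.
sub ping_node {
    my ($node) = @_;
    die "rejected node parameter\n" unless valid_node($node);
    open(my $ping, '-|', 'ping', '-c', '3', $node)
        or die "cannot run ping: $!\n";
    my @output = <$ping>;
    close $ping;
    return @output;
}

# Constructed sample inputs; the second is the value from the report above.
# Only the validator runs here, so the script works offline.
for my $node ('10.10.10.10', '10.10.10.10 | ls -l', '-f', 'host.example.org') {
    printf "%-24s %s\n", "'$node'", valid_node($node) ? 'accepted' : 'rejected';
}
```

Validation and shell-free execution are independent controls: the allow-list rejects the reported value outright, and the list-form `open` means a value that did slip through would be passed to ping as a single argument rather than parsed as a command line.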
