On Fri, Oct 08, 2010 at 10:26:36AM -0700, Roberto R. Morelli wrote: > If this is a security fix, which it is, why is opsview team not > pushing this out ? When you are going to push this out ? > > -Roberto
I'm happy to see the mailing list is still alive. I thrashed about the forums for a couple of days (and did get help with a question), but much prefer this format. :) > --On October 7, 2010 2:02:46 PM +0100 Ton Voon <[email protected]> wrote: > > > > > > > > >On 7 Oct 2010, at 07:13, aero wrote: > > > >My company's security team found a security flaws in opsview. even for 3.9.0 > > > >Someone can execute shell command via URL( ex. > >http://opsviewurl/cgi-nmis/admin.pl?admin=ping&node=10.10.10.10 | ls -l ) > > > > > > > > > >Hi Kang, > > > >Thanks for the report. The patch is here: > >https://secure.opsera.com/wsvn/wsvn/opsview?op=comp&compare[]=%2ftr...@5159&; > >compare[]=%2ftr...@5160 > > > > > >You are already on our contributor's list: > >http://opsview.com/community/developer-zone/contributors > > > > > >Unless you want me to change it to your full name? > > > > > >Ton > > > > > > -- > -------------------------------- > Roberto R. Morelli > [email protected] > Energy Sciences Network > Lawrence Berkeley National Lab. > 510-486-7255 > > PGP Key Fingerprint: F49F 1186 0E2B F591 1BF7 0538 79AA F8C7 7E8B 4562 > > _______________________________________________ > Opsview-users mailing list > [email protected] > http://lists.opsview.org/lists/listinfo/opsview-users -- regards, --tony _______________________________________________ Opsview-users mailing list [email protected] http://lists.opsview.org/lists/listinfo/opsview-users
