With the forums, we would have not seen any details about security issue without logging in and looking at the threads.
Still vote for email ! KISS principle ! Cheers all. -R --On October 8, 2010 10:34:27 AM -0700 Tony Hunter <[email protected]> wrote:
On Fri, Oct 08, 2010 at 10:26:36AM -0700, Roberto R. Morelli wrote:If this is a security fix, which it is, why is opsview team not pushing this out ? When you are going to push this out ? -RobertoI'm happy to see the mailing list is still alive. I thrashed about the forums for a couple of days (and did get help with a question), but much prefer this format. :)--On October 7, 2010 2:02:46 PM +0100 Ton Voon <[email protected]> wrote: > > > > On 7 Oct 2010, at 07:13, aero wrote: > > My company's security team found a security flaws in opsview. even for > 3.9.0 > > Someone can execute shell command via URL( ex. > http://opsviewurl/cgi-nmis/admin.pl?admin=ping&node=10.10.10.10 | ls -l ) > > > > > Hi Kang, > > Thanks for the report. The patch is here: > https://secure.opsera.com/wsvn/wsvn/opsview?op=comp&compare[]=%2ftr...@51 > 59& compare[]=%2ftr...@5160 > > > You are already on our contributor's list: > http://opsview.com/community/developer-zone/contributors > > > Unless you want me to change it to your full name? > > > Ton > -- -------------------------------- Roberto R. Morelli [email protected] Energy Sciences Network Lawrence Berkeley National Lab. 510-486-7255 PGP Key Fingerprint: F49F 1186 0E2B F591 1BF7 0538 79AA F8C7 7E8B 4562_______________________________________________ Opsview-users mailing list [email protected] http://lists.opsview.org/lists/listinfo/opsview-users
-- -------------------------------- Roberto R. Morelli [email protected] Energy Sciences Network Lawrence Berkeley National Lab. 510-486-7255 PGP Key Fingerprint: F49F 1186 0E2B F591 1BF7 0538 79AA F8C7 7E8B 4562
pgpIHVJSGEFls.pgp
Description: PGP signature
_______________________________________________ Opsview-users mailing list [email protected] http://lists.opsview.org/lists/listinfo/opsview-users
