tags 340829 unreproducible security moreinfo
notfound 340829 0.8.6f-1
thanks
hi ulrich,
On Sat, Nov 26, 2005 at 09:31:38AM +0100, Ulrich Huber wrote:
Package: Cacti
Version; 0.8.6c-7
According to the Cacti-Doku an a Forum Entry, there is a security hole (and
yes, it already happend to me on one of my machines...), which still exists
on the debian Version, but seems to be fixed in a newer Cacti-Release. So
please include the patch...
could you provide a link to the forum entry? as far as i know the
three related security holes are fixed in 0.8.6c-7sarge2, which was
uploaded to sarge's security updates branch some time ago. are you
sure you're running 0.8.6c-7 and not 0.8.6c-7sarge2? if so, i think
that's the problem (and i'm hoping so...).
http://bugs.cacti.net/view.php?id=623 will tell you about the bug and the
way intruders are exploiting it.
again, afaict the fixes have already been included. if it is still
exploitable, could you send me some example log entry from your
your web servers' access logs, so i can reproduce this myself?
thanks,
sean
signature.asc
Description: Digital signature
