Trent Lloyd tested similar fixes, and they seem to work, so I've
published that version. It should be on the archives shortly.
** Changed in: cacti (Ubuntu Dapper)
Status: Confirmed => Fix Released
--
cacti remote injection exploit
https://bugs.launchpad.net/bugs/78453
You received this
Breezy support is over.. Today it's Breezy End Of Life!
** Changed in: cacti (Ubuntu Breezy)
Status: Confirmed => Rejected
--
Thanks for the fix. Warned some friends as well so they can start the
update as well.
--
cacti remote injection exploit
https://launchpad.net/bugs/78453
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
** Changed in: cacti (Ubuntu Edgy)
Status: Fix Committed => Fix Released
--
Kees, thanks..
Sadly, nobody else of the initial reporters wanted to test the Edgy fix
:( Very motivating ;)
--
Publishing edgy update now. Dapper still needs someone to fix the
database errors.
** Changed in: cacti (Ubuntu Edgy)
Assignee: (unassigned) => Kees Cook
Status: Needs Info => Fix Committed
--
Hi,
I got "hacked" because of this bug (running edgy). Is there an ETA
available for the fix? Willing to test it :)
--
** Changed in: cacti (Ubuntu Dapper)
Assignee: Martin Jürgens => (unassigned)
** Changed in: cacti (Ubuntu Dapper)
Status: In Progress => Confirmed
** Changed in: cacti (Ubuntu Edgy)
Assignee: Martin Jürgens => (unassigned)
--
Hi Kees, the Edgy debdiff works fine, the Dapper debdiff has to be
modified (I didn't yet find out how)
--
Hi Martin, what's the status of these debdiffs? It sounds like they
need to be modified in some way to deal with debconf changes, is that
correct?
--
New cacti Edgy deb, available at [1], needs further user testing.
[1] http://gamesplace.info/opensource/ubuntu/cacti/cacti_0.8.6h-1ubuntu3.1_all.deb
New cacti Dapper deb should work but has to be fixed so that no dialogue
appears.
** Changed in: cacti (Ubuntu Edgy)
Status: In Progress
The cacti Dapper deb works fine for me now, also.
The problem was that I did not receive any notifications from debconf.
Now, I got one saying that a table already exists. I selected ignore and
the update installed successfully:
[EMAIL PROTECTED]:/tmp# dpkg -i cacti_0.8.6h-1ubuntu3.1_all.deb
(Le
The cacti Edgy deb works fine for me when upgrading from 0.8.6h-3. Could
anyone please confirm that so that we can push the updated deb to
edgy-security?
--
The cacti Dapper deb does not seem to work, I would suggest not to try
it since it seems to break some stuff..
--
** Attachment added: "cacti edgy deb fixing the issue"
http://librarian.launchpad.net/5909634/cacti_0.8.6h-3ubuntu0.1_all.deb
--
I am now going to attach debs fixing the issue for Edgy and Dapper.
It would be nice if you could try those and report if they work. Please
also include your distribution.
** Attachment added: "cacti dapper deb fixing the issue"
http://librarian.launchpad.net/5909632/cacti_0.8.6h-1ubuntu3.1_al
** Attachment added: "cacti edgy debdiff fixing the issue"
http://librarian.launchpad.net/5909522/cacti-edgy.debdiff
--
** Attachment added: "cacti dapper debdiff fixing the issue"
http://librarian.launchpad.net/5909519/cacti-dapper.debdiff
--
I have .debdiffs prepared which need some testing.
I am going to attach them. It would be nice if you could try those and
report if they work. Please also include your distribution.
--
** Changed in: cacti (Ubuntu Dapper)
Status: Confirmed => In Progress
** Changed in: cacti (Ubuntu Edgy)
Status: Confirmed => In Progress
--
** Changed in: cacti (Ubuntu Edgy)
Assignee: (unassigned) => Martin Jürgens
** Changed in: cacti (Ubuntu Dapper)
Assignee: (unassigned) => Martin Jürgens
--
** Changed in: cacti (Debian)
Status: Fix Committed => Fix Released
--
Yes the plan is there. However I cannot promise you a date when this
will happen, since we are a little bit low on manpower :(.
--
Question: is there a plan to push a fix for this out to Dapper?
--
** Changed in: cacti (Ubuntu Breezy)
Importance: Undecided => High
Status: Unconfirmed => Confirmed
** Changed in: cacti (Ubuntu Dapper)
Importance: Undecided => High
Status: Unconfirmed => Confirmed
** Changed in: cacti (Ubuntu Edgy)
Importance: Undecided => High
St
Feisty package is built and thus fixed... (in case this bug vanishes
completely from the list of -swat, I'll reopen it)
** Changed in: cacti (Ubuntu)
Status: Confirmed => Fix Released
--
Just filed a sync request to get the fixed version from Debian into
Feisty.
--
** Changed in: cacti (Debian)
Status: Confirmed => Fix Committed
--
This thread has patches for 0.8.6h and 0.8.6i:
http://forums.cacti.net/post-88714.html
--
Setting importance to high, due to impact of exploit.
** Changed in: cacti (Ubuntu)
Importance: Undecided => High
--
Just saw someone trying this exploit out on a box.. :-( saw the exploit
from sans at the end of december, but still no patch to Ubuntu!!
--
This is quite easy to work around. Add the following lines to
/etc/cacti/apache.conf:
Deny from All
Deny from All
These scripts shouldn't be reachable through the webserver anyways.
** Changed in: cacti (Ubuntu)
Status: U
** Changed in: cacti (Debian)
Status: Unknown => Confirmed
--
** This bug has been flagged as a security issue
** Bug watch added: Debian Bug tracker #404818
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=404818
** Also affects: cacti (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=404818
Importance: Unknown
Status: Unknown