WG: critical bug in cacti

To: <debian-security@lists.debian.org>
Subject: WG: critical bug in cacti
From: "Gunther Stammwitz" <gstammw@gmx.net>
Date: Thu, 14 Jul 2005 15:26:45 +0200
Message-id: <[🔎] 20050714132611.4B9DA170029@server.edu-search.de>

No answer yet... Does anyone know what's going on at the security team?

Gunther
 

-----Ursprüngliche Nachricht-----
Von: Gunther Stammwitz [mailto:gstammw@gmx.net] 
Gesendet: Sonntag, 10. Juli 2005 01:45
An: 'security@debian.org'
Betreff: critical bug in cacti
Wichtigkeit: Hoch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,
there seems to be a bug in cacti in the stable/SARGE-distribution that is
security critical.
one of my servers has already been exploited.
 
See www.cacti.net:

friday, july 1st, 2005 - 07:46 pm
Cacti version 0.8.6f <http://www.cacti.net/download_cacti.php>  has been
released to address multiple security vulnerabilities discovered by the
Hardened-PHP <http://www.hardened-php.net/>  Project. It is recommended that
all users upgrade immediately as the 'admin' account could be compromised
under certain situations.

See the downloads page for the files and the release notes
<http://www.cacti.net/release_notes_0_8_6f.php>  for further information
regarding the disclosures and patches.



Please provide new packages and a security announcement.
Placinc a .htaccess-file in front of cacti should help.

Best regards,
Gunther
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32) - WinPT 0.9.12

iD8DBQFC0GFoF7nMBgB7z7wRAn3mAJ9HP0A669kvdxouekYnyMdCS6R+2ACfexiE
ilCOGCWorN5SO6Wt7yg3jQA=
=S6um
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: WG: critical bug in cacti
  - From: Florian Weimer <fw@deneb.enyo.de>

Prev by Date: Re: Document the bug fix policy regarding PHP Safe Mode
Next by Date: Timeliness of Debian Security Announceness? (DSA 756-1 Squirrelmail)
Previous by thread: Re: [SECURITY] [DSA 746-1] New packages fix remote command execution in phpgroupware
Next by thread: Re: WG: critical bug in cacti
Index(es):
- Date
- Thread