Menu
▾
▴
[cacti-user] TCG RESPONSE: Cacti remote code and SQL injection vulnerability
|
From: Larry A. <lar...@co...> - 2006-12-31 02:31:55
|
All, The cmd.php in SVN BRANCH_0_8_6 currently addresses this issue. We will be meeting on January 1st to discuss a patch release to address more permanently in the form of either an official release or maintenance patch. The link to the patched file can be found here: http://svn.cacti.net/cgi-bin/viewcvs.cgi/branches/BRANCH_0_8_6/cacti/cmd.php ?rev=3828&sortby=date&view=log TheWitness > -----Original Message----- > From: cac...@li... [mailto:cacti-user- > bo...@li...] On Behalf Of Frank Bulk > Sent: Saturday, December 30, 2006 8:44 PM > To: cac...@li... > Subject: Re: [cacti-user] Cacti remote code and SQL injection vulnerability > > I would be remiss if I didn't at least mention the Cacti remote code and SQL > vulnerability. > > I read about it on SANS two days ago: > http://isc.sans.org/diary.php?storyid=1986&rss > > It includes links to the actual advisories from Secunia and CVE, as well as > steps to mitigate the threat. > > Regards, > > Frank > > > ------------------------------------------------------------------------- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to share your > opinions on IT & business topics through brief surveys - and earn cash > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > _______________________________________________ > cacti-user mailing list > cac...@li... > https://lists.sourceforge.net/lists/listinfo/cacti-user |