| 2007-01-08 15:20:17 |
Chris Weiss |
bug |
|
|
added bug |
| 2007-01-08 15:34:21 |
Michael Bienia |
bug |
|
|
added subscriber MOTU SWAT Team |
| 2007-01-08 15:35:47 |
Kai Kasurinen |
bug |
|
|
assigned to cacti (Debian) |
| 2007-01-08 15:36:31 |
Kai Kasurinen |
bug |
|
|
added subscriber Ubuntu Security Team |
| 2007-01-09 11:50:46 |
Bug Watch Updater |
cacti: status |
Unknown |
Confirmed |
|
| 2007-01-09 15:37:33 |
Mark Schouten |
cacti: status |
Unconfirmed |
Confirmed |
|
| 2007-01-09 15:37:33 |
Mark Schouten |
cacti: statusexplanation |
|
This is quite easy to work around. Add the following lines to /etc/cacti/apache.conf:
<Files cmd.php>
Deny from All
</Files>
<Files poller.php>
Deny from All
</Files>
These script shouldn't be reachable through the webserver anyways.
|
|
| 2007-01-13 00:22:20 |
StefanPotyra |
cacti: importance |
Undecided |
High |
|
| 2007-01-13 00:22:20 |
StefanPotyra |
cacti: statusexplanation |
This is quite easy to work around. Add the following lines to /etc/cacti/apache.conf:
<Files cmd.php>
Deny from All
</Files>
<Files poller.php>
Deny from All
</Files>
These script shouldn't be reachable through the webserver anyways.
|
Setting importance to high, due to impact of exploit. |
|
| 2007-01-17 05:09:09 |
Bug Watch Updater |
cacti: status |
Confirmed |
Fix Committed |
|
| 2007-01-22 21:33:24 |
StefanPotyra |
cacti: status |
Confirmed |
Fix Released |
|
| 2007-01-22 21:33:24 |
StefanPotyra |
cacti: statusexplanation |
Setting importance to high, due to impact of exploit. |
Feisty package is built and thus fixed... (in case this bug vanishes completely from the list of -swat, I'll reopen it) |
|
| 2007-01-22 22:13:35 |
Kees Cook |
cacti: status |
Unconfirmed |
Confirmed |
|
| 2007-01-22 22:13:35 |
Kees Cook |
cacti: importance |
Undecided |
High |
|
| 2007-01-22 22:13:35 |
Kees Cook |
cacti: statusexplanation |
|
|
|
| 2007-01-22 22:13:44 |
Kees Cook |
cacti: status |
Unconfirmed |
Confirmed |
|
| 2007-01-22 22:13:44 |
Kees Cook |
cacti: importance |
Undecided |
High |
|
| 2007-01-22 22:13:44 |
Kees Cook |
cacti: statusexplanation |
|
|
|
| 2007-01-22 22:13:52 |
Kees Cook |
cacti: status |
Unconfirmed |
Confirmed |
|
| 2007-01-22 22:13:52 |
Kees Cook |
cacti: importance |
Undecided |
High |
|
| 2007-01-22 22:13:52 |
Kees Cook |
cacti: statusexplanation |
|
|
|
| 2007-01-24 21:32:00 |
Bug Watch Updater |
cacti: status |
Fix Committed |
Fix Released |
|
| 2007-01-27 22:53:01 |
magilus |
cacti: assignee |
|
pirast |
|
| 2007-01-27 22:53:10 |
magilus |
cacti: assignee |
|
pirast |
|
| 2007-01-27 23:31:08 |
magilus |
cacti: status |
Confirmed |
In Progress |
|
| 2007-01-27 23:31:15 |
magilus |
cacti: status |
Confirmed |
In Progress |
|
| 2007-01-28 00:11:34 |
magilus |
bug |
|
|
added attachment 'cacti-dapper.debdiff' (cacti dapper debdiff fixing the issue) |
| 2007-01-28 00:12:42 |
magilus |
bug |
|
|
added attachment 'cacti-edgy.debdiff' (cacti edgy debdiff fixing the issue) |
| 2007-01-28 01:13:29 |
magilus |
bug |
|
|
added attachment 'cacti_0.8.6h-1ubuntu3.1_all.deb' (cacti dapper deb fixing the issue) |
| 2007-01-28 01:15:00 |
magilus |
bug |
|
|
added attachment 'cacti_0.8.6h-3ubuntu0.1_all.deb' (cacti edgy deb fixing the issue) |
| 2007-01-30 15:15:56 |
magilus |
cacti: status |
In Progress |
Needs Info |
|
| 2007-01-30 15:15:56 |
magilus |
cacti: statusexplanation |
|
New cacti Edgy deb, available at [1], needs further user testing.
[1] http://gamesplace.info/opensource/ubuntu/cacti/cacti_0.8.6h-1ubuntu3.1_all.deb
New cacti Dapper deb should work but has to be fixed so that no dialogue appears. |
|
| 2007-03-03 19:28:36 |
magilus |
cacti: assignee |
pirast |
|
|
| 2007-03-03 19:29:03 |
magilus |
cacti: status |
In Progress |
Confirmed |
|
| 2007-03-03 19:29:25 |
magilus |
cacti: assignee |
pirast |
|
|
| 2007-03-03 19:29:25 |
magilus |
cacti: statusexplanation |
New cacti Edgy deb, available at [1], needs further user testing.
[1] http://gamesplace.info/opensource/ubuntu/cacti/cacti_0.8.6h-1ubuntu3.1_all.deb
New cacti Dapper deb should work but has to be fixed so that no dialogue appears. |
|
|
| 2007-03-12 18:49:06 |
Kees Cook |
cacti: status |
Needs Info |
Fix Committed |
|
| 2007-03-12 18:49:06 |
Kees Cook |
cacti: assignee |
|
keescook |
|
| 2007-03-12 18:49:06 |
Kees Cook |
cacti: statusexplanation |
|
Publishing edgy update now. Dapper still needs someone to fix the database errors. |
|
| 2007-03-12 20:41:36 |
Kees Cook |
cacti: status |
Fix Committed |
Fix Released |
|
| 2007-03-12 20:41:36 |
Kees Cook |
cacti: statusexplanation |
Publishing edgy update now. Dapper still needs someone to fix the database errors. |
|
|
| 2007-04-13 13:09:45 |
Marco Rodrigues |
cacti: status |
Confirmed |
Rejected |
|
| 2007-04-13 13:09:45 |
Marco Rodrigues |
cacti: statusexplanation |
|
Breezy support is over.. Today it's Breezy End Of Life! |
|
| 2007-04-16 22:44:47 |
Kees Cook |
cacti: status |
Confirmed |
Fix Released |
|
| 2007-04-16 22:44:47 |
Kees Cook |
cacti: statusexplanation |
|
Trent Lloyd tested similar fixes, and they seem to work, so I've published that version. It should be on the archives shortly.
|
|
| 2012-02-23 22:29:38 |
Kai Kasurinen |
removed subscriber Kai Kasurinen |
|
|
|
