Date: Thu, 18 Jan 2007 09:39:28 -0800
From: Steve Friedl <steve@...xwiz.net>
To: bugtraq@...urityfocus.com
Subject: Re: FW: [cacti-announce] Cacti 0.8.6j Released

On Thu, Jan 18, 2007 at 08:26:37AM -0500, Warner Moore wrote:
> That's right, it's not vendor specific guys.  Yay!

These vulnerabilities are very easy to exploit remotely without
authentication, and these ARE being exploited in the wild (I've seen
two hacked systems in the last week). Remote shells are not your friend.

If you have a Cacti instance whose web interface is exposed to the world,
you MUST jump on this.

Steve
--- 
Stephen J Friedl | Security Consultant |  UNIX Wizard  |   +1 714 544-6561
www.unixwiz.net  | Tustin, Calif. USA  | Microsoft MVP | steve@...xwiz.net

> ---------------------------------------------------------------
> Cacti version 0.8.6j has been released to address multiple 
> vulnerabilities discovered in Cacti's PHP-based poller.
> 
> It is recommended that all users upgrade immediately. A patch containing
> only the security fixes has been provided for both Cacti versions 0.8.6h
> and 0.8.6i. Please see the official patches page for application
> instructions and further information.
> 
> http://www.cacti.net/download_patches.php
> 
> See the release notes for additional information about this release.
> 
> http://www.cacti.net/release_notes_0_8_6j.php
> 
> All files related to this release can be found under the downloads
> section on the Cacti website.
> 
> http://www.cacti.net/download_cacti.php
