Your message dated Sun, 24 Jul 2005 17:22:34 -0400 with message-id <[EMAIL PROTECTED]> and subject line security fixes available in all releases now has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 25 Jun 2005 05:00:32 +0000
Date: Sat, 25 Jun 2005 00:59:58 -0400
From: seanius <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: cacti: vulnerable to remote exploit

Package: cacti
Version: 0.8.6d-1
Severity: critical
Tags: sarge
Justification: root security hole

Multiple Vendor Cacti Remote File Inclusion Vulnerability:
http://www.idefense.com/application/poi/display?id=265&type=vulnerabilities

Multiple Vendor Cacti config_settings.php Remote Code Execution Vulnerability:
http://www.idefense.com/application/poi/display?id=266&type=vulnerabilities

Multiple Vendor Cacti Multiple SQL Injection Vulnerabilities:
http://www.idefense.com/application/poi/display?id=267&type=vulnerabilities

note that these can not by themselves gain root access on a system, though they have been reported to be used to leverage root on sarge systems.

an update has been sitting on my p.d.o site since last friday, but there has not yet been a security upload. i'll send the latest i mailed to folks as an update to this bug.

sean

-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.10-9-amd64-k8
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages cacti depends on:
ii  apache                       1.3.33-6     versatile, high-performance HTTP s
ii  apache-ssl                   1.3.33-6     versatile, high-performance HTTP s
ii  debconf                      1.4.50       Debian configuration management sy
ii  libphp-adodb                 4.52-1       The 'adodb' database abstraction l
ii  logrotate                    3.7-5        Log rotation utility
ii  mysql-client-4.1 [mysql-clie 4.1.11a-4    mysql database client binaries
ii  php4                         4:4.3.10-15  server-side, HTML-embedded scripti
ii  php4-cli                     4:4.3.10-15  command-line interpreter for the p
ii  php4-mysql                   4:4.3.10-15  MySQL module for php4
ii  php4-snmp                    4:4.3.10-15  SNMP module for php4
ii  rrdtool                      1.0.49-1     Time-series data storage and displ
ii  snmp                         5.1.2-6.1    NET SNMP (Simple Network Managemen
ii  ucf                          1.18         Update Configuration File: preserv

-- debconf information excluded

---------------------------------------
Received: (at 315703-close) by bugs.debian.org; 24 Jul 2005 21:23:12 +0000
Date: Sun, 24 Jul 2005 17:22:34 -0400
From: sean finney <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: security fixes available in all releases now

so i'm closing these bugs.