Your message dated Mon, 5 Dec 2005 10:21:37 -0500
with message-id <[EMAIL PROTECTED]>
and subject line closing bug
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 26 Nov 2005 08:31:47 +0000
>From [EMAIL PROTECTED] Sat Nov 26 00:31:47 2005
Return-path: <[EMAIL PROTECTED]>
Received: from www.heureka.co.at ([81.223.104.146])
by spohr.debian.org with esmtp (Exim 4.50)
id 1EfvTH-0001qo-7E
for [EMAIL PROTECTED]; Sat, 26 Nov 2005 00:31:47 -0800
Received: from chello062178169039.13.14.vie.surfer.at ([62.178.169.39]
helo=Ulrich)
by www.heureka.co.at with esmtp (Exim 3.35 1 (Debian))
id 1EfvT8-0007Za-00
for <[EMAIL PROTECTED]>; Sat, 26 Nov 2005 09:31:38 +0100
Message-ID: <[EMAIL PROTECTED]>
From: "Ulrich Huber" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Security-Issue in Cacti
Date: Sat, 26 Nov 2005 09:31:38 +0100
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset="iso-8859-1";
reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2527
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
X-heureka.co.at-MailScanner: Found to be clean
X-heureka.co.at-MailScanner-SpamCheck: not spam, SpamAssassin (Wertung=-10,
benoetigt 4, FROM_HEUREKA -10.00)
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-4.5 required=4.0 tests=HAS_PACKAGE,RCVD_IN_SORBS
autolearn=no version=2.60-bugs.debian.org_2005_01_02
Package: Cacti
Version; 0.8.6c-7
According to the Cacti-Doku an a Forum Entry, there is a security hole (and
yes, it already happend to me on one of my machines...), which still exists
on the debian Version, but seems to be fixed in a newer Cacti-Release. So
please include the patch...
http://bugs.cacti.net/view.php?id=623 will tell you about the bug and the
way intruders are exploiting it.
regards
Ulrich Huber
---------------------------------------
Received: (at 340829-close) by bugs.debian.org; 5 Dec 2005 15:22:08 +0000
>From [EMAIL PROTECTED] Mon Dec 05 07:22:08 2005
Return-path: <[EMAIL PROTECTED]>
Received: from dsl092-235-170.phl1.dsl.speakeasy.net ([66.92.235.170]
helo=stout.gradientsolutions.net)
by spohr.debian.org with esmtp (Exim 4.50)
id 1EjIAK-0000va-Bc
for [EMAIL PROTECTED]; Mon, 05 Dec 2005 07:22:08 -0800
Received: from sativa.seanius.net (sativa.yale-house.net [10.0.0.113])
by stout.gradientsolutions.net (Postfix) with ESMTP id 387BB1BA18
for <[EMAIL PROTECTED]>; Mon, 5 Dec 2005 10:21:35 -0500 (EST)
Received: by sativa.seanius.net (Postfix, from userid 1000)
id E671DB812; Mon, 5 Dec 2005 10:21:37 -0500 (EST)
Date: Mon, 5 Dec 2005 10:21:37 -0500
From: sean finney <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: closing bug
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="0OAP2g/MAC+5xKAE"
Content-Disposition: inline
User-Agent: Mutt/1.5.11
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no
version=2.60-bugs.debian.org_2005_01_02
--0OAP2g/MAC+5xKAE
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
after speaking off-bts with the submitter, it was decided that the
compromised machine was using the sarge version and not the
sarge-security version of cacti, hence the hack. thus, i'm
closing the bug.
sean
--=20
--0OAP2g/MAC+5xKAE
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFDlFsBynjLPm522B0RAsbOAJ90LjbZwO6CLvaGxFLj75E76II7bACfUsAP
eJ8er9FDDvpoLe1HX25mM4g=
=nOEf
-----END PGP SIGNATURE-----
--0OAP2g/MAC+5xKAE--
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
