FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor


 
 
LinkBack Thread Tools
 
Old 03-04-2009, 09:30 AM
Ricky Zhou
 
Default Zabbix down

Just to let everybody know, I confirmed a code execution vulnerability
on our zabbix install, so I've taken it down until we can apply fixes
for it:

http://seclists.org/fulldisclosure/2009/Mar/0032.html

Thanks,
Ricky
_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
 
Old 03-04-2009, 01:34 PM
Mike McGrath
 
Default Zabbix down

On Wed, 4 Mar 2009, Ricky Zhou wrote:

> Just to let everybody know, I confirmed a code execution vulnerability
> on our zabbix install, so I've taken it down until we can apply fixes
> for it:
>
> http://seclists.org/fulldisclosure/2009/Mar/0032.html
>

Thanks Ricky, I think it might be good for us to throw our zabbix install
behind http basic auth like what we've done for cacti just so someone
doesn't happen upon it in a vulnerable state.

-Mike

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
 
Old 03-04-2009, 01:43 PM
Jeffrey Ollie
 
Default Zabbix down

On Wed, Mar 4, 2009 at 8:34 AM, Mike McGrath <mmcgrath@redhat.com> wrote:
> On Wed, 4 Mar 2009, Ricky Zhou wrote:
>
>> Just to let everybody know, I confirmed a code execution vulnerability
>> on our zabbix install, so I've taken it down until we can apply fixes
>> for it:
>>
>> http://seclists.org/fulldisclosure/2009/Mar/0032.html
>>
>
> Thanks Ricky, I think it might be good for us to throw our zabbix install
> behind http basic auth like what we've done for cacti just so someone
> doesn't happen upon it in a vulnerable state.

I'm working on a new Zabbix package as well.

--
Jeff Ollie

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
 

Thread Tools




All times are GMT. The time now is 06:48 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org