Just to let everybody know, I confirmed a code execution vulnerability on our zabbix install, so I've taken it down until we can apply fixes for it:
http://seclists.org/fulldisclosure/2009/Mar/0032.html
Thanks, Ricky
On Wed, 4 Mar 2009, Ricky Zhou wrote:
> Just to let everybody know, I confirmed a code execution vulnerability on our zabbix install, so I've taken it down until we can apply fixes for it:
Thanks Ricky, I think it might be good for us to throw our zabbix install behind http basic auth like what we've done for cacti just so someone doesn't happen upon it in a vulnerable state.
-Mike
On Wed, Mar 4, 2009 at 8:34 AM, Mike McGrath <mmcgrath@redhat.com> wrote:
> On Wed, 4 Mar 2009, Ricky Zhou wrote:
>> Just to let everybody know, I confirmed a code execution vulnerability on our zabbix install, so I've taken it down until we can apply fixes for it:
> Thanks Ricky, I think it might be good for us to throw our zabbix install behind http basic auth like what we've done for cacti just so someone doesn't happen upon it in a vulnerable state.
I'm working on a new Zabbix package as well.
infrastructure@lists.fedoraproject.org