List:       inet-access
Subject:    cacti warning
From:       Jon Lewis <jlewis () lewis ! org>
Date:       2007-01-15 18:30:57
Message-ID: Pine.LNX.4.61.0701151312560.2352 () soloth ! lewis ! org

For anyone who hasn't already seen it, if you're running cacti and have it 
accessible to the internet, you really need to get the latest version plus 
a few official patches.  By now, you've probably already been hit with 
exploit attempts.  I've heard from multiple people this weekend that their 
servers running cacti were exploited and/or rooted with local security 
holes after getting shell as the apache user.

Looking a little closer at cacti (I didn't pick/install ours, but got 
stuck with maintaining it), it seems to me it's pretty much a train wreck 
security-wise.  In a typical install, there's an awful lot of stuff left in 
a "web servable" directory that has no business being there (and that's 
the cause of this security hole).  Those bits really ought to be split off 
into a separate directory structure outside the reach of the web server.

The hole being exploited does not require an account or rights to see any 
graphs.  Just being able to get to the cacti directory / login page is 
enough.

----------------------------------------------------------------------
  Jon Lewis                   |  I route
  Senior Network Engineer     |  therefore you are
  Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
_______________________________________________
"Eat sushi frequently". - Avi
inet@inet-access.net is the human contact address.
list@inet-access.net is the list posting address.
See below URL for subscribe/unsubscribe and list options:
http://inet-access.net/mailman/listinfo/list
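On the point above about material sitting in a web-servable directory that has no business being there, here is an added defender's check; it is not part of the original post and is not Cacti's own tooling. The shell function walks a document root and reports files whose names suggest they should never be reachable through the web server (dumps, backups, logs, editor leftovers, VCS metadata, helper scripts). The pattern list is an assumption to tune per application, and the sample tree it builds (`make_sample_webroot`, with hypothetical file names) exists only so the audit can be run offline.

```shell
#!/bin/sh
# Added example, not part of the original post or of Cacti: audit a
# web-servable directory for files that should not be reachable by the
# web server. The pattern list is an assumption; adjust it to the
# application you actually deploy.

# Print (sorted) every regular file under $1 whose name or path matches a
# "should not be served" pattern. Prints nothing when the tree looks clean.
audit_webroot() {
    root=$1
    find "$root" -type f \( \
        -name '*.sql' -o -name '*.log' -o -name '*.bak' -o -name '*.orig' \
        -o -name '*~' -o -name '*.inc' -o -name '*.sh' -o -name '*.pl' \
        -o -path '*/.svn/*' -o -path '*/.git/*' -o -path '*/CVS/*' \
        \) 2>/dev/null | sort
}

# Exit status 0 when audit_webroot finds nothing, 1 otherwise; handy in cron
# so a leftover file shows up as an alert rather than waiting for a scanner.
webroot_is_clean() {
    [ -z "$(audit_webroot "$1")" ]
}

# Constructed sample tree (hypothetical file names) for an offline run.
# A real deployment points audit_webroot at the actual document root.
make_sample_webroot() {
    d=$(mktemp -d)
    mkdir -p "$d/include" "$d/scripts" "$d/.svn"
    : > "$d/index.php"                  # legitimate entry point
    : > "$d/include/config.php"         # legitimate include
    : > "$d/include/config.php.bak"     # editor/admin leftover
    : > "$d/dump.sql"                   # schema dump left in the docroot
    : > "$d/scripts/query_host.pl"      # helper script, belongs outside
    : > "$d/.svn/entries"               # VCS metadata
    printf '%s\n' "$d"
}

# Stand-alone demo: build the sample tree, report on it, clean up.
sample=$(make_sample_webroot)
echo "Suspect files under $sample:"
audit_webroot "$sample"
if webroot_is_clean "$sample"; then echo "clean"; else echo "NOT clean"; fi
rm -rf "$sample"
```

Run against the sample tree it lists the `.bak`, `.sql`, `.pl` and `.svn` entries and leaves `index.php` and `include/config.php` alone; the real fix is still the one the post names, moving such material out of the document root, and this only makes it visible when something creeps back in.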