Kauft das PHP-Sicherheitsbuch!

Dritte Auflage

Jetzt bestellen!

ISBN-13: 978-3898643696
€ 36,00

Links

XING
(Profil nur für Xing-Mitglieder sichtbar)
Rootserver, Colocation, Hosting
My amazon wishlist
VServer Hosting

Pages

Frontpage
About Christopher Kunz
Kontaktformular

Syndicate This Blog

Friday, December 29. 2006

Cacti "cmd.php" Command Execution - Hotfix


Hi,

just a real quick hotfix to the critical vulnerability described in this advisory:

<Files cmd.php>
Deny from All
</Files>

Put this into the .htaccess in your cacti directory and you should be good. This does not have any impact on the poller cronjob and does not require code or ini changes.


Posted by Christopher Kunz at 16:42 | Comments (2) | Trackbacks (0)
Defined tags for this entry: , , , , , ,
Related entries by tags:

Trackbacks
Trackback specific URI for this entry

No Trackbacks

Comments
Display comments as (Linear | Threaded)

thanks for the tip, it also works when you set the file permissions to 700.
#1 herbert (Homepage) on 2006-12-30 12:55 (Reply)
You should also note that the webserver needs to read the .htaccess files in that directory and allow the usage of Deny there.

Balu
#2 Balu on 2006-12-31 01:27 (Reply)

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA