Zabbix down
Jeffrey Ollie
jeff at ocjtech.us
Wed Mar 4 14:43:45 UTC 2009
On Wed, Mar 4, 2009 at 8:34 AM, Mike McGrath <mmcgrath at redhat.com> wrote:
> On Wed, 4 Mar 2009, Ricky Zhou wrote:
>
>> Just to let everybody know, I confirmed a code execution vulnerability
>> on our zabbix install, so I've taken it down until we can apply fixes
>> for it:
>>
>> http://seclists.org/fulldisclosure/2009/Mar/0032.html
>>
>
> Thanks Ricky, I think it might be good for us to throw our zabbix install
> behind http basic auth like what we've done for cacti just so someone
> doesn't happen upon it in a vulnerable state.
I'm working on a new Zabbix package as well.
--
Jeff Ollie
More information about the Fedora-infrastructure-list
mailing list