[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bacula-devel] Web site down


we, that is, the team of people caring for the bacula.org web server, 
noticed an attempted to exposure of information.

The attempt succeeded but only got unimportant information. We believe 
this was just a first scan for possible vulnerabilities.

Until we resolve the underlying security problem, the web server will 
remain down.

By the way: The vulnerability uses a well-known feature (or rather, 
problem) of php. Php is the script language that creates the pages 
shown to the user.

It seems that the script, which was, as far as I can tell, donated by 
someone a while ago obviously was never checked for security... we do 
that now, and we will implement procedures to ensure more security 
auditing before we deploy any software in the future.

Thanks for your patience,

Arno Lehmann

Arno Lehmann
IT-Service Lehmann
Sandstr. 6, 49080 Osnabrück

This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
Bacula-devel mailing list

This mailing list archive is a service of Copilotco.