From: Arno L. <al...@it...> - 2008-10-03 11:14:17
|
Hello, we, that is, the team of people caring for the bacula.org web server, noticed an attempted to exposure of information. The attempt succeeded but only got unimportant information. We believe this was just a first scan for possible vulnerabilities. Until we resolve the underlying security problem, the web server will remain down. By the way: The vulnerability uses a well-known feature (or rather, problem) of php. Php is the script language that creates the pages shown to the user. It seems that the script, which was, as far as I can tell, donated by someone a while ago obviously was never checked for security... we do that now, and we will implement procedures to ensure more security auditing before we deploy any software in the future. Thanks for your patience, Arno Lehmann -- Arno Lehmann IT-Service Lehmann Sandstr. 6, 49080 Osnabrück www.its-lehmann.de |