Comment 2 for bug 881406

Pierre Chifflier (pollux-debian) wrote :

(writing in English since this post may be read by others, later)

After a quick verification, the Debian package in version 2.0.2-1 is vulnerable.

Given that the snmp_com.txt file contains community names, which can be read-write, I think this bug can deserve a very important severity.

As a workaround, I'd like to disable the alias line in the Apache configuration (thus, removing access to this file). This will, of course, break any associated feature. Is this OK for the OCS Inventory team?

Pierre