[mrtg] Mrtg Path Disclosure "Vulnerability"

Tobias Oetiker oetiker at ee.ethz.ch
Mon Feb 4 07:51:00 MET 2002


Over the weekend there was a post to bugtraq, claiming that mrtg
was vulnerable to a path disclosure ...

Please note, that what they mean is 14all.cgi which is not part of
mrtg ... but a external program used for displaying mrtg graphs
online when using mrtg in connection with rrdtool.

So unless you ARE using 14all you do not have a problem (if you use
14all, I am sure you will know because this has to be setup


 ______    __   _
/_  __/_  / /  (_) Oetiker, ETZ J97, ETH, 8092 Zurich, Switzerland
 / // _ \/ _ \/ / phoneto:+41(0)1-632-5286  faxto:+41(0)1-632-1517
/_/ \.__/_.__/_/ oetiker at ee.ethz.ch http://google.com/search?q=tobi

Unsubscribe mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe
Archive     http://www.ee.ethz.ch/~slist/mrtg
FAQ         http://faq.mrtg.org    Homepage     http://www.mrtg.org
WebAdmin    http://www.ee.ethz.ch/~slist/lsg2.cgi

More information about the mrtg mailing list