Hello,

we, that is, the team of people caring for the bacula.org web server, 
noticed an attempted to exposure of information.

The attempt succeeded but only got unimportant information. We believe 
this was just a first scan for possible vulnerabilities.

Until we resolve the underlying security problem, the web server will 
remain down.

By the way: The vulnerability uses a well-known feature (or rather, 
problem) of php. Php is the script language that creates the pages 
shown to the user.

It seems that the script, which was, as far as I can tell, donated by 
someone a while ago obviously was never checked for security... we do 
that now, and we will implement procedures to ensure more security 
auditing before we deploy any software in the future.

Thanks for your patience,

Arno Lehmann

-- 
Arno Lehmann
IT-Service Lehmann
Sandstr. 6, 49080 Osnabrück
www.its-lehmann.de

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users