Cacti 0.8.7b and 0.8.6k release - IMPORTANT SECURITY UPDATES

[rony]

Am I safe to assume those of us using web-basic authentication exclusively are safe from the security issues? (Assuming of course that authenticated users are trustworthy )

Andrew

That would be a correct assumption.

[super-hornet]

Hi all

I tried 2 times and this is what I get/found.

I use the 0.8.7b and then apply the Plugin Architecture 2.0 using the patch method. I get alot of files that rejects from patching. It is like incompatible or does not telly.

I then tried using the pre-patched filed included in the PA 2.0 and overwrite my 0.8.7b. Import the PA.SQL files and after that, try to access it, I get no graphics. It is like the patch to the webpages are wrong.
e.g,
my cacti is in http://123.123.123.123/cacti
But after the PA 2.0, the link inside the cacti become like /cacti/i/

SH

[Nemea]

@super-hornet:
found this somewhere:

try adding a line to cacti/site/include/plugins.php

at the bottom of the file you will find:

define('URL_PATH', $config['url_path']);


change to:

$config['url_path'] = '/cacti/';
define('URL_PATH', $config['url_path']);


and replace '/cacti/' with your url.

Thsi fixed it for me.

[mduling]

This tip fixed the images problem. Thanks! But one last hurdle for me are the errors below. Anyone have a solution for that with PA 2.0 and Cacti 0.8.7b? And yes, this has been posted in the PA forum, but I see no answers so I'm asking here out of desperation. I did a fresh Cacti install and I imported the PA schema and edit global.php for MySQL info. Thanks.

----------
Warning: reset(): Passed variable is not an array or object in /opt/local/share/cacti/lib/functions.php on line 146

Warning: Variable passed to each() is not an array or object in /opt/local/share/cacti/lib/functions.php on line 147

Warning: reset(): Passed variable is not an array or object in /opt/local/share/cacti/lib/functions.php on line 146

Warning: Variable passed to each() is not an array or object in /opt/local/share/cacti/lib/functions.php on line 147

Warning: reset(): Passed variable is not an array or object in /opt/local/share/cacti/lib/functions.php on line 146

Warning: Variable passed to each() is not an array or object in /opt/local/share/cacti/lib/functions.php on line 147

[fmangeant]

Hi

please post this in General or Unix forum.

[sradman]

Hi guys,

The patch "Invalid Upgrade Path from 0.8.6k Fix" posted on the official patches for 0.8.7b page is still broken (malformed patch).
Identation must have been lost on the way.

http://www.cacti.net/download_patches.p ... ion=0.8.7b
http://www.cacti.net/downloads/patches/ ... _fix.patch

Please replace with a sane/tested version.

Thanks
Stefan

[suyashjain]

Their is a big bug in cacti , in which it asks to change the "admin" password without login.

type the following url in browser and replace x.x.x.x with your cacti ip .
http://x.x.x.x/auth_changepassword.php? ... ubmit=Save

It will change the admin password without any delay.

test it out immediately . I have tested it on latest cacti-0.8.7b version also.

[rony]

Please submit a bug report at http://www.cacti.net/bugs.php

[sradman]

> It will change the admin password without any delay.

I'm running 0.8.7a and cannot confirm your report. The URL you posted will NOT change the admin password in my cacti installation.

[rony]

Unable to reproduce on either Cacti 0.8.7 or Cacti 0.8.6.

Make sure that you are NOT logged in when you attempt to change the password.