From: Matthew M. <ma...@tu...> - 2005-07-25 13:29:25
Download the most recent version of Pear and install.

http://phpwebsite.appstate.edu/downloads/pear/pear-1.3.5.tar.gz

On Fri, 2005-07-22 at 21:52 -0400, George Brackett wrote:
> I just received the following message from my webhost. Apparently
> (check http://www.securityfocus.com/bid/14088) all recent versions of
> phpWebSite up to 0.10.1 are vulnerable. Should I be concerned? If
> so, are any changes anticipated to deal with this problem?
>
> George
>
> Begin forwarded message:
>
> From: su...@on...
> Date: July 22, 2005 8:19:50 PM EDT
> To: gbr...@lu...
> Cc: gbr...@co...
> Subject: Security Notice
> Reply-To: su...@on...
>
> Dear George Brackett,
>
> Recently, a vulnerability associated with XML-RPC for PHP was
> discovered and reported to the security information community. The
> XML-RPC library is used in various content management systems. There
> is a possibility that a security hole can be introduced through this
> vulnerability whereby an attacker could execute arbitrary commands as
> the www user. Among other things, such an attack could lead to
> unauthorized access to your web files.
> Most of our customers are not affected by this vulnerability (98% are
> not at risk), but to be sure you should review the list and link below
> to see if you are using any of the software mentioned. A partial list
> includes:
>
> (1) WordPress,
> (2) Serendipity
> (3) Drupal
> (4) egroupware
> (5) MailWatch
> (6) TikiWiki
> (7) phpWebSite
> (8) Ampache
>
> To see a full list of vulnerable software please view this link:
> http://www.securityfocus.com/bid/14088
>
> The only way to fix vulnerable software is to contact the
> vendor/provider and check for the availability of a security patch or
> an upgrade. If you use a content management system that is NOT listed
> in the report, you are strongly encouraged to contact the
> vendor/provider to confirm the integrity and safety of the application.
>
> We are working toward a global fix for this vulnerability, but in the
> meantime we urge you to follow the steps above.
>
> Sincerely,
> Support Team,
> One World Hosting

--
Matthew McNaney
Electronic Student Services
Appalachian State University
http://phpwebsite.appstate.edu