Menu
▾
▴
Re: [Simplog-devel] XML-RPC Exploits
|
From: Jim Hu <ji...@ta...> - 2005-07-07 18:04:53
|
I'm a bit confused about whether this affects the installations that =20 comment out functions in the xmlrpc.inc libraries and use the ones =20 that come installed in php. On a completely different subject, I'm =20 starting another software project and am planning on using the =20 modularity ideas from Tom and Jeremy for it. Jim On Jul 7, 2005, at 12:33 PM, Jeremy Ashcraft wrote: > I'l add it in tonight. I was on vacation last week, but have a lot =20= > of free time this week, so i'll get 0.9.2 out the door and started on =20= > 1.0. > > Thomas Cort wrote: > >> As reported on slashdot there is a new xmlrpc exploit. >> http://it.slashdot.org/it/05/07/04/2153224.shtml?=20 >> tid=3D95&tid=3D172&tid=3D169 >> >> I believe that simplog uses phpxmlrpc (xmlrpc.inc & xmlrpcs.inc). = Will >> replacing those two files close the hole? >> >> The new version which fixes the code injection vulnerability can be >> downloaded here: >> = http://prdownloads.sourceforge.net/phpxmlrpc/xmlrpc-1.1.1.tgz?download >> >> Security Advisories >> http://secunia.com/advisories/15852/ >> http://news.postnuke.com/Article2699.html >> >> -Tom >> >> >> ------------------------------------------------------- >> SF.Net email is sponsored by: Discover Easy Linux Migration = Strategies >> from IBM. Find simple to follow Roadmaps, straightforward articles, >> informative Webcasts and more! Get everything you need to get up to >> speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id=16492&op=CCk >> _______________________________________________ >> Simplog-devel mailing list >> Sim...@li... >> https://lists.sourceforge.net/lists/listinfo/simplog-devel >> >> > > > > ------------------------------------------------------- > SF.Net email is sponsored by: Discover Easy Linux Migration Strategies > from IBM. Find simple to follow Roadmaps, straightforward articles, > informative Webcasts and more! Get everything you need to get up to > speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id=16492&op=3Dclick > _______________________________________________ > Simplog-devel mailing list > Sim...@li... > https://lists.sourceforge.net/lists/listinfo/simplog-devel |
