Menu
▾
▴
Re: [Simplog-devel] XML-RPC Exploits
|
From: Jeremy A. <ash...@13...> - 2005-07-07 18:20:31
|
they've added ina check to disable their functions if the xmlrpc=20 extension is installed Jim Hu wrote: > I'm a bit confused about whether this affects the installations that =20 > comment out functions in the xmlrpc.inc libraries and use the ones =20 > that come installed in php. On a completely different subject, I'm =20 > starting another software project and am planning on using the =20 > modularity ideas from Tom and Jeremy for it. > > Jim > > On Jul 7, 2005, at 12:33 PM, Jeremy Ashcraft wrote: > >> I'l add it in tonight. I was on vacation last week, but have a lot =20 >> of free time this week, so i'll get 0.9.2 out the door and started=20 >> on 1.0. >> >> Thomas Cort wrote: >> >>> As reported on slashdot there is a new xmlrpc exploit. >>> http://it.slashdot.org/it/05/07/04/2153224.shtml?=20 >>> tid=3D95&tid=3D172&tid=3D169 >>> >>> I believe that simplog uses phpxmlrpc (xmlrpc.inc & xmlrpcs.inc). Wil= l >>> replacing those two files close the hole? >>> >>> The new version which fixes the code injection vulnerability can be >>> downloaded here: >>> http://prdownloads.sourceforge.net/phpxmlrpc/xmlrpc-1.1.1.tgz?downloa= d >>> >>> Security Advisories >>> http://secunia.com/advisories/15852/ >>> http://news.postnuke.com/Article2699.html >>> >>> -Tom >>> >>> >>> ------------------------------------------------------- >>> SF.Net email is sponsored by: Discover Easy Linux Migration Strategie= s >>> from IBM. Find simple to follow Roadmaps, straightforward articles, >>> informative Webcasts and more! Get everything you need to get up to >>> speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id=16492&op=CCk >>> _______________________________________________ >>> Simplog-devel mailing list >>> Sim...@li... >>> https://lists.sourceforge.net/lists/listinfo/simplog-devel >>> >>> >> >> >> >> ------------------------------------------------------- >> SF.Net email is sponsored by: Discover Easy Linux Migration Strategies >> from IBM. Find simple to follow Roadmaps, straightforward articles, >> informative Webcasts and more! Get everything you need to get up to >> speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id=16492&op=3Dclick >> _______________________________________________ >> Simplog-devel mailing list >> Sim...@li... >> https://lists.sourceforge.net/lists/listinfo/simplog-devel > > > > > ------------------------------------------------------- > SF.Net email is sponsored by: Discover Easy Linux Migration Strategies > from IBM. Find simple to follow Roadmaps, straightforward articles, > informative Webcasts and more! Get everything you need to get up to > speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id=16492&op=CCk > _______________________________________________ > Simplog-devel mailing list > Sim...@li... > https://lists.sourceforge.net/lists/listinfo/simplog-devel > |
