1
allnewtome
bug been announced in PHPXMLRPC (Xoops affected?)
  • 2006/2/20 16:12

  • allnewtome

  • Not too shy to talk

  • Posts: 175

  • Since: 2005/11/30


Hi there, I just got this email (see below) from the guy who owns the server my site is on. Any experts care to comment? I don't pretend to understand it so reproduce it in full! Thanks in advance.

Quote:
Hi,

Just to let you know that there's a bug been announced in PHPXMLRPC:

http://www.theregister.co.uk/2006/02/20/linux_worm/
http://www.gulftech.org/?node=research&article_id=00088-07022005

The hole can be used to run arbitrary PHP code, so could be quite a security
risk. I've done a quick scan - it looks like XOOPS has its own XML RPC bundled
in it ( /home/xxxxxxxxx/public_html/xoops/xmlrpc.php ) that I assume isn't
affected. Just thought I'd give you a heads up so you can investigate if needed.

Cheers,

2
davidl2
Re: bug been announced in PHPXMLRPC (Xoops affected?)
  • 2006/2/20 18:04

  • davidl2

  • XOOPS is my life!

  • Posts: 4843

  • Since: 2003/5/26


I believe this was dealt with a couple of updates ago - so make sure if you're running 2.0.x - you've updated to 2.0.13.2

(see note below re-backups!)

3
allnewtome
Re: bug been announced in PHPXMLRPC (Xoops affected?)
  • 2006/2/20 20:16

  • allnewtome

  • Not too shy to talk

  • Posts: 175

  • Since: 2005/11/30


Quote:

davidl2 wrote:
I believe this was dealt with a couple of updates ago - so make sure if you're running 2.0.x - you've updated to 2.0.13.2

(see note below re-backups!)


Thanks for the swift response. Does the same apply to 2.2.3?

4
Herko
Re: bug been announced in PHPXMLRPC (Xoops affected?)
  • 2006/2/20 20:50

  • Herko

  • XOOPS is my life!

  • Posts: 4238

  • Since: 2002/2/4 1


Quote:

allnewtome wrote:
Thanks for the swift response. Does the same apply to 2.2.3?

Of course...

Herko

5
allnewtome
Re: bug been announced in PHPXMLRPC (Xoops affected?)
  • 2006/2/20 20:52

  • allnewtome

  • Not too shy to talk

  • Posts: 175

  • Since: 2005/11/30


Fantastic Thanks.

Login

Who's Online

414 user(s) are online (332 user(s) are browsing Support Forums)


Members: 0


Guests: 414


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits