www/openx vuln

Ruslan Mahmatkhanov cvs-src at yandex.ru
Thu Sep 16 15:21:33 UTC 2010

16.09.2010 17:59, Dan Langille пишет:
> On Thu, September 16, 2010 1:09 am, Ruslan Mahmatkhanov wrote:
>> 16.09.2010 05:45, Dan Langille пишет:
>>> This came in last night: http://blog.openx.org/09/security-update/
>>> Port needs to be upgraded to 2.8.8 and a vuln entry created.... Sorry,
>>> bags not me.
>> Until update is not come up, user can apply this workaround:
>> echo "RemoveType .php">  www/images/.htaccess
> Do you have a reference for this fix? A URL we can refer people to?

Not really, but i read there (originally in Russian):


that vulnerable plugin allows to attacker upload php-file into images 
dir and that disabling handling php in that directory via RemoveHandler 
or RemoveType successfully closes the bug.


More information about the freebsd-ports mailing list