mike.jakubik at intertainservices.com
Thu Sep 16 15:34:23 UTC 2010
The risk is real; my own server was compromised yesterday.
I am in the process of creating an updated port and should file a PR soon,
but it should be marked as forbidden until then.
On Thu, 2010-09-16 at 19:19 +0400, Ruslan Mahmatkhanov wrote:
> 16.09.2010 17:59, Dan Langille wrote:
> > On Thu, September 16, 2010 1:09 am, Ruslan Mahmatkhanov wrote:
> >> 16.09.2010 05:45, Dan Langille wrote:
> >>> This came in last night: http://blog.openx.org/09/security-update/
> >>> Port needs to be upgraded to 2.8.8 and a vuln entry created.... Sorry,
> >>> bags not me.
> >> Until the update comes out, users can apply this workaround:
> >> echo "RemoveType .php" > www/images/.htaccess
> > Do you have a reference for this fix? A URL we can refer people to?
> Not really, but I read there (originally in Russian):
> that the vulnerable plugin allows an attacker to upload a PHP file into the
> images dir, and that disabling PHP handling in that directory via
> RemoveHandler or RemoveType successfully closes the bug.
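A sketch of the workaround discussed in this thread, as an added example that is not part of the original messages or of the port: it adds the `RemoveType` and `RemoveHandler` directives without overwriting an existing `.htaccess`, and lists PHP files already sitting in the directory. The function names are hypothetical, and it assumes the images directory is meant to hold only static files.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Usage after sourcing this file:
#   disable_php_in_dir www/images && list_php_files www/images

# Append DIRECTIVE to DIR/.htaccess only if that exact line is missing.
# Existing rules are kept; a plain '>' redirect would replace them.
ensure_directive() {
    htaccess="$1/.htaccess"
    directive="$2"
    touch "$htaccess"
    # If the file is non-empty and does not end in a newline, add one first
    # so the new directive does not get glued onto the last existing line.
    if [ -s "$htaccess" ] && [ -n "$(tail -c 1 "$htaccess")" ]; then
        printf '\n' >> "$htaccess"
    fi
    grep -qxF -- "$directive" "$htaccess" || printf '%s\n' "$directive" >> "$htaccess"
}

# Apply both directives named in the thread. Safe to run repeatedly.
disable_php_in_dir() {
    ensure_directive "$1" "RemoveType .php"
    ensure_directive "$1" "RemoveHandler .php"
}

# Print files under DIR with .php anywhere in the name. In a directory that
# should contain only images (assumption), each hit deserves inspection.
list_php_files() {
    find "$1" -type f -iname '*.php*' | sort
}
```

Both directives belong to mod_mime and are honoured in `.htaccess` only where the server configuration grants `AllowOverride FileInfo` for that directory.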