[CentOS] Off-Topic Mambo Vulnerabilities & Patches
Jim Smith
jim_smith2006 at yahoo.comTue Feb 28 13:06:32 UTC 2006
- Previous message: [CentOS] vpopmail over NFS not seeing new messages.
- Next message: [CentOS] Off-Topic Mambo Vulnerabilities & Patches
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On the Mambo CMS site there are vulnerabilities found. Whilst this is not a CentOS problem, people rent/deploy servers (CentOS) on the net with Mambo. A guy in one of the user forums on the net, had his Mambo 4.5.2 server hacked and they installed some interesting stuff in /tmp . When a server is hacked it gives bad PR for the underlying OS. <----announcement on http://www.mamboserver.com/-----> Investigations by GulfTech Research And Development have revealed a long standing weakness in Mambo that could allow a hacker to compromise sites built on Mambo. The firms findings will be published in about a week's time. The Mambo development team has created fixes for versions 4.5.3 and 4.5.3h. The new patch files can be found at MamboXchange The patch packages are delivered in both ZIP and TAR.GZ formats - select whichever is right for you. Each package contains two files - content.php and mambo.php. These should replace the corresponding files in your existing installation, as follows: (1) The first file (content.php) should be used to overwrite this file:/components/com_content/content.php. (2) The second file (mambo.php) should be used to overwrite this file: /includes/mambo.php. If you are running an earlier version of Mambo than 4.5.3 we recommend that you consider upgrading. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
- Previous message: [CentOS] vpopmail over NFS not seeing new messages.
- Next message: [CentOS] Off-Topic Mambo Vulnerabilities & Patches
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list