[CentOS] Off-Topic Mambo Vulnerabilities & Patches

Tue Feb 28 13:06:32 UTC 2006
Jim Smith <jim_smith2006 at yahoo.com>

On the Mambo CMS site there are vulnerabilities found. Whilst this is
not a CentOS problem, people rent/deploy servers (CentOS) on the net
with Mambo. A guy in one of the user forums on the net had his Mambo
4.5.2 server hacked and they installed some interesting stuff in /tmp.
When a server is hacked it gives bad PR for the underlying OS.

<----announcement on http://www.mamboserver.com/----->
Investigations by GulfTech Research And Development have revealed a
long standing weakness in Mambo that could allow a hacker to
compromise sites built on Mambo. The firm's findings will be published
in about a week's time.

The Mambo development team has created fixes for versions 4.5.3 and
4.5.3h. The new patch files can be found at MamboXchange.

The patch packages are delivered in both ZIP and TAR.GZ formats -
select whichever is right for you. Each package contains two files -
content.php and mambo.php. These should replace the corresponding
files in your existing installation, as follows:
(1) The first file (content.php) should be used to overwrite this
file: /components/com_content/content.php.

(2) The second file (mambo.php) should be used to overwrite this
file: /includes/mambo.php.

If you are running an earlier version of Mambo than 4.5.3 we
recommend that you consider upgrading.

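An added example, not part of the original post or the Mambo announcement: one way to carry out the two-file replacement described above so that it is all-or-nothing and reversible. The function name and its three arguments (unpacked patch directory, Mambo root, a backup directory outside the web root) are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the Mambo project). Hypothetical helper that applies
# the two patched files named in the announcement.
# Usage: apply_mambo_patch PATCH_DIR MAMBO_ROOT BACKUP_DIR
# BACKUP_DIR should sit outside the web root: a copy such as content.php.bak
# left inside it may be served as plain text and disclose source.
apply_mambo_patch() {
    patch_dir=$1
    mambo_root=$2
    backup_dir=$3
    stamp=$(date +%Y%m%d%H%M%S)

    # patched file : target path relative to the Mambo root (from the announcement)
    set -- "content.php:components/com_content/content.php" \
           "mambo.php:includes/mambo.php"

    # Pass 1: check everything first, so a missing file never leaves the
    # installation half patched.
    for pair in "$@"; do
        src=$patch_dir/${pair%%:*}
        dst=$mambo_root/${pair#*:}
        [ -f "$src" ] || { echo "missing patch file: $src" >&2; return 1; }
        [ -f "$dst" ] || { echo "missing target: $dst" >&2; return 1; }
    done

    mkdir -p "$backup_dir/$stamp" || return 1

    # Pass 2: keep the old file, overwrite it, then confirm the copy landed.
    for pair in "$@"; do
        src=$patch_dir/${pair%%:*}
        dst=$mambo_root/${pair#*:}
        cp -p "$dst" "$backup_dir/$stamp/${pair%%:*}" || return 1
        # Plain cp into an existing file keeps the target's owner and mode.
        cp "$src" "$dst" || return 1
        cmp -s "$src" "$dst" || { echo "verify failed: $dst" >&2; return 1; }
        echo "patched $dst (old copy in $backup_dir/$stamp)"
    done
}
```

The saved originals are also worth keeping for later comparison if the site is suspected of having been modified before the patch went on.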