16.09.2010 19:19, Ruslan Mahmatkhanov wrote:
16.09.2010 17:59, Dan Langille wrote:

On Thu, September 16, 2010 1:09 am, Ruslan Mahmatkhanov wrote:
16.09.2010 05:45, Dan Langille wrote:
This came in last night: http://blog.openx.org/09/security-update/

Port needs to be upgraded to 2.8.8 and a vuln entry created.... Sorry,
bags not me.


Until the update comes out, users can apply this workaround:

echo "RemoveType .php"> www/images/.htaccess

This should really be done in www/admin/plugins/videoReport/lib/tmp-upload-images, not www/images. Sorry for the misinformation.


Do you have a reference for this fix? A URL we can refer people to?

Not really, but I read there (originally in Russian):

http://translate.google.com/translate?js=n&prev=_t&hl=ru&ie=UTF-8&layout=2&eotf=0&sl=ru&tl=en&u=http%3A%2F%2Fwww.opennet.ru%2Fopennews%2Fart.shtml%3Fnum%3D27971


that the vulnerable plugin allows an attacker to upload a PHP file into the
images dir, and that disabling PHP handling in that directory via RemoveHandler
or RemoveType successfully closes the bug.

--
Regards,
Ruslan
_______________________________________________
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
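
An added example, not part of the thread: a small audit that checks whether the workaround discussed above is in place in the upload directory and whether any PHP files are already sitting there. The function names are hypothetical, and matching any file name containing `.php` goes slightly beyond what the thread describes.

```shell
#!/bin/sh
# Added example (not from the thread): audit the OpenX upload directory
# named in the thread. Function names are hypothetical.
UPLOAD_SUBDIR="www/admin/plugins/videoReport/lib/tmp-upload-images"

# 0 if DIR/.htaccess has an uncommented RemoveType/RemoveHandler covering php.
# Note: Apache only honours these in .htaccess when AllowOverride permits FileInfo.
has_php_disabled() {
    [ -f "$1/.htaccess" ] || return 1
    grep -Eiq '^[[:space:]]*Remove(Type|Handler)[[:space:]]+(.*[[:space:]])?\.?php([[:space:]]|$)' \
        "$1/.htaccess"
}

# List files in DIR whose name contains ".php" (also catches e.g. name.php.jpg).
list_php_files() {
    find "$1" -type f -iname '*.php*' 2>/dev/null
}

# Return codes: 0 = workaround present and no PHP files,
# 1 = workaround missing, 2 = PHP files found, 3 = directory absent.
audit_openx() {
    dir="$1/$UPLOAD_SUBDIR"
    [ -d "$dir" ] || { echo "missing: $dir"; return 3; }
    rc=0
    if has_php_disabled "$dir"; then
        echo "ok: PHP handling removed in $dir"
    else
        echo "WARN: no RemoveType/RemoveHandler for .php in $dir/.htaccess"
        rc=1
    fi
    found=$(list_php_files "$dir")
    if [ -n "$found" ]; then
        echo "ALERT: PHP files present in upload directory:"
        echo "$found"
        rc=2
    fi
    return $rc
}

# Run against an install root when one is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_openx "$1"
fi
```

Run it as `sh audit.sh /path/to/openx`; any file it lists under ALERT should be inspected before the port is upgraded.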
