Re: twlc advisory: all versions of php nuke are vulnerable...

From: Jessica Smith (crystalsingerat_private)
Date: Wed Feb 19 2003 - 15:15:12 PST

Next message: Mandrake Linux Security Team: "MDKSA-2003:020 - Updated openssl packages fix timing-based attack vulnerability"

Previous message: Martin Schulze: "[SECURITY] [DSA 252-1] New slocate packages fix local root exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

('binary' encoding is not supported, stored as-is) In-Reply-To: <000701c1452f$7f3fc670$8119fea9@supergate> >Systems Affected >all the versions ARE vulnerable >except '5.0 RC1' (i wonder why a released c. is ok while the final 5.2 is >bugged) <snip> >conclusions: >yet another bug of php nuke... this software is used by thousands of >people... (we run something based on it too) i hope that this time the >author will reply soon and will release a patch too! Just FYI, this was patched in PHPNuke 5.3, released way back in November 2001 - perhaps SecurityFocus can update the attack description to reflect this so that people running later versions don't worry unnecessarily? Jessica

Next message: Mandrake Linux Security Team: "MDKSA-2003:020 - Updated openssl packages fix timing-based attack vulnerability"
Previous message: Martin Schulze: "[SECURITY] [DSA 252-1] New slocate packages fix local root exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Feb 21 2003 - 14:30:54 PST