Re: Announcement: Joomla on VAMP
From: Rich Jordan (jordan_at_ccs4vms.com)
Date: 23 Nov 2005 09:47:14 -0800
FYI, from SANS ( http://isc.sans.org/diary.php?date=2005-11-20 )
"Mambo Exploit confirmed in the wild"
I have no info on the susceptibility of the newly released CSWS_PHP.
>> Although we initially reported that some versions of PHP may not be vulnerable to this attack, the Mambo Development Team has revised their assessment to state that all versions of PHP are vulnerable. They also point out that the flaw "is not specific to Mambo and has not been totally blocked in Joomla, as can be verified in the Joomla forum." The fix listed on the Mambo forum "can be applied at the entry point to any PHP application that may be vulnerable, including Joomla." Joomla is another PHP-based content management system. This, along with other security issues, is addressed in Joomla 1.0.4.