Re: Announcement: Joomla on VAMP

From: Rich Jordan (jordan_at_ccs4vms.com)
Date: 11/23/05

• Next message: Tom Linden: "Re: DECpark (Reading, UK) to close after 25 years"
• Previous message: Martin Borgman: "Re: PHP_MYSQL/SWS2.1 and authorization"
• In reply to: issinoho: "Announcement: Joomla on VAMP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Date: 23 Nov 2005 09:47:14 -0800

FYI, from SANS ( http://isc.sans.org/diary.php?date=2005-11-20 )
"Mambo Exploit confirmed in the wild"

I have no info on the susceptibility of the newly released CSWS_PHP

>> Although we initially reported that some versions of PHP may not be vulnerable to this attack, the Mambo Development Team has revised their assessment to state that all versions of PHP are vulnerable. They also point out that the flaw "is not specific to Mambo and has not been totally blocked in Joomla, as can be verified in the Joomla forum." The fix listed on the Mambo forum "can be applied at the entry point to any PHP application that may be vulnerable, including Joomla." Joomla is another PHP-based content management system. This, along with other security issues, is addressed in Joomla 1.0.4.

---

• Next message: Tom Linden: "Re: DECpark (Reading, UK) to close after 25 years"
• Previous message: Martin Borgman: "Re: PHP_MYSQL/SWS2.1 and authorization"
• In reply to: issinoho: "Announcement: Joomla on VAMP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint

unix.derkeiler.com  > Newsgroups  > comp.os.vms  > 2005-11