I just found that my b3 was vulnerable to this exploit:
http://www.exploit-db.com/exploits/29290/
It appears to have been announced only a few days ago, but it is already widespread, so I think all the bubba users with external access to their system could be at risk.
The php5 package is in Excito's repositories, so even if someone plugs the vulnerability at debian.org, it will not appear as an upgrade to bubba users...
thanks and best regards
giovanni
Apache / PHP 5.x Remote Code Execution Exploit
Re: Apache / PHP 5.x Remote Code Execution Exploit
Really?
http://forum.excito.net/viewtopic.php?f=9&t=4633
Edit: Sorry I was being myself again.
The exploit has been known for a few days and Excito has created a patch. This patch should go live within days, after which you can protect yourself via the web-based update utility. If you read the thread I mentioned above you can see what you can do to prevent this attack on your machine.
Re: Apache / PHP 5.x Remote Code Execution Exploit
No problem...
I'm slightly busy, leaving for Antarctica in a week, and my b3 works as a hub for my e-mail accounts, collecting everything and sending me a digest thru the laughable bandwidth of the e-mail account I have there: the timing of the attack could not be worse! The damn thing has literally become "the heart of my digital life" or whatever was the exact phrasing!
Yesterday I tried to find something related in the forum, I expected to see an active post (as it is now...), but didn't see anything. Meh. Maybe I was too tired.
Well, what's important is that I'll be able to plug the vulnerability before leaving.
thanks again!