Snowolf, posted 11 July 2005

A very serious vulnerability in XML-RPC was discovered a few days ago. XML-RPC is fundamental to any PHP site. All forums, CMSs, blogs, etc. (or nearly all) that are not fully up to date are vulnerable, in particular phpBB >= 2.0.15, Xoops, Drupal, WordPress, etc. There are exploits galore; I tried a couple myself and can guarantee that the vulnerability is serious, very serious. In a couple of seconds I got the MD5 hash of the password; I would then have had to convert it, but I had given rainbowcrack only 7 letters when I made the rainbow tables, and my passwords are longer. In any case, absolutely update everything.

Snowolf
snowolf (at) snowolf (dot) eu

Snowolf, posted 11 July 2005

Complete list of affected software:

Xoops Xoops: 2.0.12; 2.0.11; 2.0.10; 2.0.9 .3; 2.0.9 .2; 2.0.5 .2; 2.0.5 .1; 2.0.5; 2.0.3; 2.0.2; 2.0.1; 2.0
XML-RPC for PHP XML-RPC for PHP: 1.1; 1.0.99 .2; 1.0.99; 1.0 2; 1.0 1; 1.0
WordPress WordPress: 1.5.1 .2; 1.5.1; 1.5; 1.2.2; 1.2.1 + Gentoo Linux; 1.2 + Gentoo Linux + Gentoo Linux 1.4; 0.71; 0.7
Ubuntu Ubuntu Linux: 5.0 4 powerpc; 5.0 4 i386; 5.0 4 amd64; 4.1 ppc; 4.1 ia64; 4.1 ia32
Trustix Secure Linux: 2.2; 2.1
Trustix Secure Enterprise Linux: 2.0
TikiWiki Project TikiWiki: 1.8.4 + Gentoo Linux; 1.8.3; 1.8.2; 1.8.1; 1.8; 1.7.9; 1.7.8; 1.7.7; 1.7.6; 1.7.5; 1.7.4; 1.7.3; 1.7.2; 1.7.1 .1; 1.6.1
S9Y Serendipity: 0.8.1; 0.8 -beta6 Snapshot; 0.8 -beta6; 0.8 -beta5; 0.8
S.u.S.E. Open-Enterprise-Server: 9.0
S.u.S.E. Linux Professional: 9.3 x86_64; 9.3; 9.2 x86_64; 9.2; 9.1 x86_64; 9.1; 9.0 x86_64; 9.0; 8.2
S.u.S.E. Linux Personal: 9.3 x86_64; 9.3; 9.2 x86_64; 9.2; 9.1 x86_64; 9.1; 9.0 x86_64; 9.0; 8.2
S.u.S.E. Linux Enterprise Server: 9
RedHat Fedora: Core4; Core3
RedHat Enterprise Linux: WS 4; WS 3; ES 4; ES 3; AS 4; AS 3
RedHat Desktop: 4.0; 3.0
PostNuke Development Team PostNuke: 0.76 RC4b; 0.76 RC4a; 0.76 RC4; 0.75
phpWebsite phpWebsite: 0.10.1; 0.10; 0.9.3 -4; 0.9.3 -3; 0.9.3 -2; 0.9.3 -1; 0.9.3
phpPgAds phpPgAds: 2.0.5 RC2; 2.0
phpMyFAQ phpMyFAQ: 1.5 RC4; 1.5 RC3; 1.5 RC2; 1.5 RC1; 1.5 beta3; 1.5 beta2; 1.5 beta1; 1.5 alpha2; 1.5 alpha1; 1.4.8; 1.4.7; 1.4.6; 1.4.5; 1.4.4; 1.4.3; 1.4.2; 1.4.1; 1.4 a; 1.4 -alpha 2; 1.4 -alpha 1; 1.4
PHPGroupWare PHPGroupWare: 0.9.16 RC3; 0.9.16 RC2; 0.9.16 RC1; 0.9.16 .005; 0.9.16 .003 + Gentoo Linux; 0.9.16 .002; 0.9.16 .000; 0.9.14 .007; 0.9.14 .006; 0.9.14 .005; 0.9.14 .004; 0.9.14 .003; 0.9.14 .002; 0.9.14 .001; 0.9.14; 0.9.13 - Debian Linux 2.2; 0.9.12 - Conectiva Linux 7.0 - Conectiva Linux 8.0 - Conectiva Linux 9.0 - MySQL AB MySQL 3.23.31 - MySQL AB MySQL 3.23.34 - MySQL AB MySQL 3.23.36 - PostgreSQL PostgreSQL 6.3.2 - PostgreSQL PostgreSQL 6.5.3
phpAdsNew phpAdsNew: 2.0.4 -pr2; 2.0.4 -pr1; 2.0 beta 6; 2.0 beta 5; 2 dev 30092001; 2 dev 09102001
PHP-Wiki PHP-Wiki: 1.3.11 _rc3; 1.3.11 _rc2; 1.3.10; 1.3.9; 1.3.3; 1.3.2; 1.3.1; 1.2.2; 1.2.1; 1.2
PEAR XML_RPC: 1.3 RC3; 1.3 RC2; 1.3 RC1; 1.3
Nucleus CMS Nucleus CMS: 3.2; 3.1; 3.0 RC; 3.0 1; 3.0
MandrakeSoft Linux Mandrake: 10.2 x86_64; 10.2; 10.1 x86_64; 10.1; 10.0 amd64; 10.0
MandrakeSoft Corporate Server: 3.0 x86_64; 3.0
MailWatch for MailScanner MailWatch for MailScanner: 1.0; 0.5.1; 0.5; 0.4
eGroupWare eGroupWare: 1.0.6; 1.0.3; 1.0.1; 1.0 .0.007
Drupal Drupal: 4.6.1; 4.6; 4.5.3; 4.5.2; 4.5.1; 4.5
CivicSpace Labs CivicSpace: 0.8.1; 0.8 .0.5; 0.8 .0.4; 0.8 .0.3; 0.8 .0.2; 0.7.2
BLOG:CMS BLOG:CMS: 3.6.4; 3.6.2
Ampache Ampache: 3.3.1; 3.3; 3.2.4; 3.2.3; 3.2.2; 3.2.1; 3.2

Snowolf
snowolf (at) snowolf (dot) eu