[pLog-svn] [Lifetype Vulnerability] Very Serious File Disclosure Problem (read passwords/config whatever you want)

Ammar Ibrahim ammar.ibrahim at gmail.com
Wed Feb 14 03:46:38 EST 2007


Great, that's good enough. I didn't know there was a fix already.

On 2/14/07, Oscar Renalias <oscar at renalias.net> wrote:
> No, we're not going to openly tell you all how to do it. Suffice to
> say that it can be used to reveal configuration files via a URL.
>
> Looking at the fix should be enough to understand it.
>
> On 14 Feb 2007, at 10:35, Ammar Ibrahim wrote:
>
> > Can we have more info about this vulnerability? I want to check if our
> > servers are infected with it.
> >
> > Ammar
> >
> > On 2/13/07, Matt Wood <matt at woodzy.com> wrote:
> >> Dev List,
> >>
> >> There exists a very serious file disclosure vulnerability within
> >> the RSS engines that allows anyone to read the contents of files
> >> considered to be secure.
> >>
> >> I highly suggest that everyone turn off all RSS at the moment.
> >>
> >> I also suppose you will want to let other people know, I don't
> >> really have the time to mess with the forums warning people.
> >>
> >> Oscar / Jon, I will contact you separately later tonight as this
> >> vulnerability compromises www.lifetype.net... and I don't really
> >> want our new server to get hosed.
> >>
> >> -Matt
> >>
> >> _______________________________________________
> >> pLog-svn mailing list
> >> pLog-svn at devel.lifetype.net
> >> http://limedaley.com/mailman/listinfo/plog-svn
> >>
