Go Back   Mosets Community > Mosets Announcements and Discussions > Announcements

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 02-02-2005, 10:47 AM
dknight dknight is offline
Mosets Team - Lead Developer
 
Join Date: Dec 2004
Posts: 26,645
Default Important Security Patch for Mambo 4.5.1a and 4.5(1.0.9)

The Mambo team has just released a security update to Mambo this morning.

All Mambo webmasters are strongly advised to update their site immediately.

Although we have not received any reports on the exploit being used in Mambo websites, it is serious and it enables the attacker to gain full access to your Mambo admin.

Quote:
Originally Posted by Andrew Eddie
Patches are available for Mambo Version 4.5.0-1.0.9 and Version 4.5.1a at MamboForge to counter a vulnerability within Mambo. All administrators of Mambo sites are encouraged to upgrade at their earlist convenience.

At this time we are not releasing details of how to leverage this vulnerability to protect existing sites.

The patch files contains a new version of /includes/mambo.php which has a countermeasure for this vulnerability. Simply upload the mambo.php in the zip to your server, replacing you existing /includes/mambo.php file on your site.

Note that for a 4.5.0 site, the file is /classes/mambo.php.

*Update*

It appears this issue is related to a vulnerability found in PHP last month.
Download the patch file from Mamboforge.net
Download this file if you have an existing Mambo site
Patch for Mambo 4.5.1a
Patch for Mambo 4.5 (1.0.9)

New release has also been announced
Download this file if you're planning to install Mambo for the first time.
Mambo 4.5.1b

Announcement at the official forum:
http://forum.mamboserver.com/showthread.php?t=29960

Announcement at Mamboforge.net
http://mamboforge.net/forum/forum.php?forum_id=3596

Discussions
New Mambo Exploit Found - http://forum.mamboserver.com/showthread.php?t=29961
Security Patch a Must Upgrade - http://www.mambers.com/showthread.php?t=24326
Phil Taylor Hacked! - http://www.mambers.com/showthread.php?t=24323
__________________
Lee
Lead Developer
Mosets.com - Quality Joomla! Solutions
Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +8. The time now is 02:25 AM.

Copyright © 2005-2010 Mosets Consulting

Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.