  #1  
Old 11-21-2005, 04:54 AM
Kimon Kimon is offline
Member
 
Join Date: Feb 2005
Location: Greece
Posts: 34
New security vulnerability found

Hi, since all users of Tree or HP use Mambo/Joomla installations, it might be a really good idea to keep an eye on this: http://forum.joomla.org/index.php/topic,19204.0.html
It looks serious, and at this time there is no patch available.
I guess that the core team for both Mambo & Joomla will come up with something to solve this, so we will have to update as soon as possible.
  #2  
Old 11-21-2005, 09:55 AM
Alex Alex is offline
Mosets'd
 
Join Date: Dec 2004
Location: London
Posts: 2,047
Default

Yes Kimon,

We have been told that a patch is to come out very soon! Here is what I've got from Emir:

---------------------------

A minor security exploit has been found in Mambo/Joomla. Not all sites can be defaced but it's good if you patch your own site to be on the safe side.

Official patch will be released shortly on Joomla! site (www.joomla.org). The exploit is patched by replacing file globals.php. The same file can be used on Mambo 4.5.2 too.

Regards,
Emir Sakic
http://www.sakic.net
__________________
Alex,
Web Developer & StrataBlue
  #3  
Old 11-21-2005, 09:58 AM
Alex Alex is offline
Mosets'd
 
Join Date: Dec 2004
Location: London
Posts: 2,047
Default

By the way,

Here is a temporary fix - http://nopaste.php-q.net/172945.
__________________
Alex,
Web Developer & StrataBlue
  #4  
Old 11-21-2005, 09:43 PM
Kimon Kimon is offline
Member
 
Join Date: Feb 2005
Location: Greece
Posts: 34
Default

The hole will be patched in the coming 1.0.4 update in Joomla.
There is a fix in the Joomla forum with a replacement globals.php file that emulates register globals on. Supposedly it patches the hole.
Can be found here.
Don't forget to rename the file to globals.php
There is also an updated version of SEF advance (4.2.4) from Emir Sakic that addresses these issues.

Plz forgive my English.
  #5  
Old 11-21-2005, 11:25 PM
Kimon Kimon is offline
Member
 
Join Date: Feb 2005
Location: Greece
Posts: 34
Default

Quote:
Originally Posted by Alex
Yes Kimon,

We have been told that a patch is to come out very soon! Here is what I've got from Emir:

---------------------------

A minor security exploit has been found in Mambo/Joomla. Not all sites can be defaced but it's good if you patch your own site to be on the safe side.

Official patch will be released shortly on Joomla! site (www.joomla.org). The exploit is patched by replacing file globals.php. The same file can be used on Mambo 4.5.2 too.

Regards,
Emir Sakic
http://www.sakic.net
Sorry for the previous post.
I was working with IE in half-screen and I didn't notice....
Thnx for all.
  #6  
Old 11-22-2005, 04:41 AM
herohat herohat is offline
Mosets'd
 
Join Date: Feb 2005
Posts: 93
Default

Are those codes safe? Have you tested those codes?
  #7  
Old 11-22-2005, 02:59 PM
Kimon Kimon is offline
Member
 
Join Date: Feb 2005
Location: Greece
Posts: 34
Default

Quote:
Originally Posted by herohat
Are those codes safe? Have you tested those codes?
For Joomla users, ver# 1.0.4 is out. It closes those holes, fixes about 90 bugs, and from what I can say it doesn't break HP. See this post.
You can download from here.
For Mambo installations, see here, and here.
  #8  
Old 11-22-2005, 10:43 PM
herohat herohat is offline
Mosets'd
 
Join Date: Feb 2005
Posts: 93
Default

thank you...

I have fixed Mambo; I hope to move to Joomla soon.
  #9  
Old 11-23-2005, 09:08 AM
dknight dknight is offline
Mosets Team - Lead Developer
 
Join Date: Dec 2004
Posts: 26,425
Default

If you're using Mambo 4.5.2.3, please patch your site with the following file:

http://mamboforge.net/frs/download.p...curity_fix.zip

It doesn't matter if you have done hacks to your site; the patch is as simple as overwriting all the index*.php files in the root and /administrator.
__________________
Lee
Lead Developer
Mosets.com - Quality Joomla! Solutions
All times are GMT +8.

Copyright © 2005-2010 Mosets Consulting
