From owner-freebsd-questions@FreeBSD.ORG Wed Mar 3 08:21:51 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CD1D016A4CE; Wed, 3 Mar 2004 08:21:51 -0800 (PST) Received: from postman.arcor.de (newsread1.arcor-online.net [151.189.0.146]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2361D43D2F; Wed, 3 Mar 2004 08:21:51 -0800 (PST) (envelope-from eikemeier@fillmore-labs.com) Received: from fillmore.dyndns.org (port-212-202-51-138.reverse.qsc.de [212.202.51.138]) (authenticated bits=0)i23GLgtw020168 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Wed, 3 Mar 2004 17:21:49 +0100 (MET) Received: from [172.16.0.2] (helo=fillmore-labs.com) by fillmore.dyndns.org with esmtp (Exim 4.30; FreeBSD) id 1AyZ7e-0002hm-Oz; Wed, 03 Mar 2004 17:21:26 +0100 Message-ID: <40460606.6000805@fillmore-labs.com> Date: Wed, 03 Mar 2004 17:21:26 +0100 From: Oliver Eikemeier Organization: Fillmore Labs GmbH - http://www.fillmore-labs.com/ MIME-Version: 1.0 To: rfa@msumain.edu.ph References: <3665.203.177.105.170.1078314472.squirrel@bayok.msumain.edu.ph> In-Reply-To: <3665.203.177.105.170.1078314472.squirrel@bayok.msumain.edu.ph> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit User-Agent: KMail/1.5.9 cc: ports@FreeBSD.org cc: freebsd-questions@FreeBSD.org Subject: Re: phpnuke forbidden, how to install? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: ports@FreeBSD.org List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Mar 2004 16:21:51 -0000 rfa@msumain.edu.ph wrote: > i wanted to install phpnuke for content but after cvsuping i found out that > > ===> phpnuke-6.9 is forbidden: SQL injection vulnerability in Php-Nuke <= > 7.1.0. > > and i checked the phpnuke website, they have a patched version of phpnuke. Where did you find that? I can't even find a security link. > im not really sure about not using the ports system coz i get the general > impression that it is much safer to install using that, but does anyone > think i should take the risk and try the patched version on their website? If you are concerned about security you should refrain from installing phpnuke until the security status is clarified and all known vulnerabilities are confirmed and closed by PHP-Nuke. > also is there a way to use the ports and bypass the forbidden part? Yes, you can build the port with make NO_IGNORE=yes DISABLE_VULNERABILITIES=yes but I strongly advise you not to do it, since the port contains publicly known remote exploitable security vulnerabilities. > im kinda nooby at the moment, still dont have san-goku like skills yet. go on, get r00ted. -Oliver