From: Ruslan Mahmatkhanov
Date: Thu, 16 Sep 2010 19:32:24 +0400
To: Dan Langille
Cc: freebsd-ports@freebsd.org
Subject: Re: www/openx vuln
Message-ID: <4C923888.8010306@yandex.ru>
In-Reply-To: <4C92358A.8040704@yandex.ru>

On 16.09.2010 19:19, Ruslan Mahmatkhanov wrote:
> On 16.09.2010 17:59, Dan Langille wrote:
>>
>> On Thu, September 16, 2010 1:09 am, Ruslan Mahmatkhanov wrote:
>>> On 16.09.2010 05:45, Dan Langille wrote:
>>>> This came in last night: http://blog.openx.org/09/security-update/
>>>>
>>>> Port needs to be upgraded to 2.8.8 and a vuln entry created.... Sorry,
>>>> bags not me.
>>>>
>>>
>>> Until the update comes out, users can apply this workaround:
>>>
>>> echo "RemoveType .php" > www/images/.htaccess

This should be done in www/admin/plugins/videoReport/lib/tmp-upload-images really, not www/images. Sorry for the misinformation.

>>
>> Do you have a reference for this fix? A URL we can refer people to?
>
> Not really, but I read there (originally in Russian):
>
> http://translate.google.com/translate?js=n&prev=_t&hl=ru&ie=UTF-8&layout=2&eotf=0&sl=ru&tl=en&u=http%3A%2F%2Fwww.opennet.ru%2Fopennews%2Fart.shtml%3Fnum%3D27971
>
> that the vulnerable plugin allows an attacker to upload a PHP file into the images
> dir and that disabling PHP handling in that directory via RemoveHandler
> or RemoveType successfully closes the bug.

--
Regards,
Ruslan
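A small helper for applying and verifying the workaround discussed above, added here as an example and not part of the thread or of the OpenX port. It writes both directives the thread mentions (RemoveType and RemoveHandler) into the upload directory's .htaccess and checks they are present; the directory path comes from the correction in the message, and the script assumes Apache is configured with an AllowOverride setting that honours .htaccess (it does not check that).

```shell
#!/bin/sh
# Added example: write the RemoveType/RemoveHandler workaround into an
# upload directory's .htaccess and verify that it is in place.
# Assumes AllowOverride FileInfo (or All) applies to the directory; an
# .htaccess is silently ignored otherwise, and that is not checked here.

# RemoveType undoes an AddType binding for .php, RemoveHandler undoes an
# AddHandler binding. Both are written because either mechanism may be the
# one that routes .php files to the PHP module on a given install.
harden_upload_dir() {
    dir="$1"
    [ -d "$dir" ] || return 1
    printf 'RemoveType .php\nRemoveHandler .php\n' > "$dir/.htaccess"
}

# Return 0 only when the .htaccess in $1 carries both directives for .php.
check_upload_dir() {
    f="$1/.htaccess"
    [ -f "$f" ] || return 1
    grep -q '^RemoveType[[:space:]].*\.php' "$f" || return 1
    grep -q '^RemoveHandler[[:space:]].*\.php' "$f" || return 1
    return 0
}

# Demo on a constructed temporary tree that mirrors the path from the thread.
demo() {
    tmp=$(mktemp -d)
    target="$tmp/www/admin/plugins/videoReport/lib/tmp-upload-images"
    mkdir -p "$target"
    check_upload_dir "$target" && echo "unexpected: already hardened"
    harden_upload_dir "$target"
    check_upload_dir "$target" && echo "hardened: $target"
    rm -rf "$tmp"
}
```

Run `demo` to see it applied to a throwaway tree; on a real install point harden_upload_dir at the plugin's tmp-upload-images directory and confirm with a request for a test .php file that the server now returns it as plain content rather than executing it.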