The Joomla! Forum ™



Posted: Thu Aug 25, 2005 7:36 pm
Joomla! Apprentice

Joined: Fri Aug 19, 2005 7:01 am
Posts: 36
Location: Atlanta, GA
Hey guys, anyone know what the impact of this vulnerability is on $ambo?

http://www.theinquirer.net/?article=25697

What would the impact to Mambo be of using the hardened PHP out there?


Posted: Thu Aug 25, 2005 7:38 pm
Joomla! Apprentice

Joined: Fri Aug 19, 2005 7:01 am
Posts: 36
Location: Atlanta, GA
Doing a quick search on the core code, the only file I find that uses eval() is the geshi mambot.


Posted: Thu Aug 25, 2005 7:57 pm
Joomla! Ace

Joined: Thu Aug 18, 2005 9:06 am
Posts: 1475
The problem is not using eval per se, I'd say... but using it wrong...
Anyway, if I understand it correctly, it is a late report of a not so new security report:
http://www.hardened-php.net/advisory_142005.66.html

See also:
http://forum.mamboserver.com/showthread.php?t=51129

_________________
http://de.siteof.de/


Posted: Thu Sep 01, 2005 4:45 am
Joomla! Ace

Joined: Fri Aug 12, 2005 2:45 am
Posts: 1916
Location: Toowoomba, Australia
The problem revealed itself in the PEAR XML-RPC library. We use a different one (phew), but de is right. Any inbuilt function can be abused if misused by the programmer.

_________________
Andrew Eddie - Tweet @AndrewEddie
<><
http://learn.theartofjoomla.com - Joomla 1.6 training videos!
http://www.kiva.org/team/joomla - Got Joomla for free? Pay it forward and help fight poverty.
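
Added example (not part of the thread, and not code from Mambo, Joomla!, GeSHi or PEAR): the audit described in the second post, searching a PHP code base for eval() calls, sketched in Python. It skips eval text inside comments and strings and marks whether each call's argument is a constant string or built from other data; the sample source and all names are constructed for illustration.

```python
import re

# Comments and quoted strings, matched left to right so a quote inside a comment
# is not misread. Assumption: no heredocs, no inline HTML outside <?php tags.
TOKEN = re.compile(r"/\*.*?\*/|(?://|#)[^\n]*|'(?:\\.|[^'\\])*'|"
                   r'"(?:\\.|[^"\\])*"', re.S)
# PHP function names are case-insensitive; skip $obj->eval( and Foo::eval(.
EVAL_CALL = re.compile(r"(?<![\w$>:])eval\s*\(", re.I)

# Constructed sample source for this example.
SAMPLE = r'''<?php
// eval($_GET['x']) in a comment is ignored
$doc = "call eval(\$x) to run it";
eval('return 1 + 1;');
$r = @eval("return $expr;");
/* eval($old); */
$obj->eval($code);
Eval( $prefix . $body );
'''

def _blank(m):
    """Replace a comment or string body with spaces, keeping newlines."""
    t = m.group()
    if t[0] not in "'\"":
        return re.sub(r"[^\n]", " ", t)
    body = t[1:-1]
    if t[0] == '"':  # keep unescaped $ so interpolation counts as dynamic
        body = re.sub(r"[^\n$]", " ", re.sub(r"\\.", "  ", body))
    else:
        body = re.sub(r"[^\n]", " ", body)
    return t[0] + body + t[0]

def find_evals(src):
    """Return (line, kind) for each eval() call in PHP source text."""
    clean = TOKEN.sub(_blank, src)
    hits = []
    for m in EVAL_CALL.finditer(clean):
        depth, k = 1, m.end()
        while k < len(clean) and depth:  # walk to the matching ")"
            depth += {"(": 1, ")": -1}.get(clean[k], 0)
            k += 1
        arg = clean[m.end():k - 1]
        # Only quotes, dots and whitespace left => constant string argument.
        kind = "literal" if re.fullmatch(r"[\s'\".]*", arg) else "dynamic"
        hits.append((clean.count("\n", 0, m.start()) + 1, kind))
    return hits

if __name__ == "__main__":
    print(find_evals(SAMPLE))
```

Calls reported as "dynamic" are the ones to review by hand, tracing where the argument's data comes from.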

