Joomla! Discussion Forums



Posted: Thu Aug 25, 2005 7:36 pm 
Joomla! Apprentice

Joined: Fri Aug 19, 2005 7:01 am
Posts: 36
Location: Atlanta, GA
Hey guys, anyone know what the impact of this vulnerability is on $ambo?

http://www.theinquirer.net/?article=25697

What would the impact to Mambo be of using the hardened PHP out there?


Posted: Thu Aug 25, 2005 7:38 pm 
Joomla! Apprentice

Joined: Fri Aug 19, 2005 7:01 am
Posts: 36
Location: Atlanta, GA
Doing a quick search on the core code, the only file I find that uses eval() is the geshi mambot.


Posted: Thu Aug 25, 2005 7:57 pm 
Joomla! Ace

Joined: Thu Aug 18, 2005 9:06 am
Posts: 1465
The problem is not using eval per se, I'd say... but using it wrong...
Anyway, if I understand it correctly, it is a late report of a not so new security report:
http://www.hardened-php.net/advisory_142005.66.html

See also:
http://forum.mamboserver.com/showthread.php?t=51129

_________________
http://de.siteof.de/


Posted: Thu Sep 01, 2005 4:45 am 
Joomla! Ace

Joined: Fri Aug 12, 2005 2:45 am
Posts: 1579
Location: Toowoomba, Australia
The problem revealed itself in the PEAR XML-RPC library. We use a different one (phew), but de is right. Any inbuilt function can be abused if misused by the programmer.

_________________
Andrew Eddie - Tweet @AndrewEddie
<><
http://www.theartofjoomla.com
http://www.kiva.org/team/joomla - Got Joomla for free? Pay it forward and help fight poverty.
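
The kind of search described in the second post, as an added example that is not part of the original thread or of any Mambo/Joomla code: a small Python audit that finds real `eval()` calls in PHP source, ignores matches inside comments and string literals, and flags calls whose argument is built from variables. The sample PHP and all names are constructed for illustration; heredocs are not handled.

```python
import re

# Comments and quoted strings in PHP source (heredocs are not handled).
TOKEN = re.compile(r"""
    //[^\n]* | \#[^\n]* | /\*.*?\*/ |
    '(?:\\.|[^'\\])*' | "(?:\\.|[^"\\])*"
""", re.S | re.X)
# A bare eval( call; PHP function names are case-insensitive.
# The lookbehind skips $eval, ->eval(, ::eval( and names like my_eval(.
CALL = re.compile(r"(?<![\w$>:])eval\s*\(", re.I)

def find_eval_calls(src):
    """Return (line, argument, dynamic) for each eval() call in PHP source."""
    # Blank out comments and strings, keeping offsets and newlines intact.
    masked = TOKEN.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), src)
    hits = []
    for m in CALL.finditer(masked):
        depth, i = 1, m.end()
        while i < len(masked) and depth:  # walk to the matching ")"
            depth += {"(": 1, ")": -1}.get(masked[i], 0)
            i += 1
        arg = src[m.end():i - 1].strip()
        code_outside_literals = masked[m.end():i - 1].strip()
        # Conservative: anything beyond one plain literal, or any "$" in the
        # argument (possible interpolation), is flagged for manual review.
        dynamic = bool(code_outside_literals) or "$" in arg
        line = src.count("\n", 0, m.start()) + 1
        hits.append((line, arg, dynamic))
    return hits

# Constructed sample input, not taken from any real project.
SAMPLE = r'''<?php
// eval($_GET['x']); commented out, must not be reported
$msg = "never call eval($input) here";
eval('return 1 + 1;');
$result = eval("return " . $expr . ";");
$obj->eval($code);
EVAL ( "\$v = $raw;" );
'''

if __name__ == "__main__":
    for line, arg, dynamic in find_eval_calls(SAMPLE):
        label = "REVIEW (dynamic argument)" if dynamic else "constant literal"
        print(f"line {line}: eval({arg}) -> {label}")
```

Calls flagged as dynamic are the ones to trace back by hand, since that is where data from outside the program could end up being executed as code.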

