Security hole in SysCP 1.2.15
February 3rd, 2007 by
Timo Dreger
Yesterday evening the information came in by e-mail that the current SysCP version 1.2.15 contains a security hole:
we are very sorry, but there is a security hole inside the latest
SysCP version (1.2.15). Any customer could run malicious code as
root. This vulnerability is only exploitable in SysCP 1.2.15, no
other version is affected.
Since this is not the best thing, we are releasing a patch together
with this announcement.

It's only a tiny patch, since SysCP itself
brings already all the code to prevent such code-injections. The
problem: in this special case it accidentally wasn't used.
Many thanks go to Daniel Schulte, who found this vulnerability!

You can fix your installation by replacing "exec" with "safe_exec" in
scripts/cron_tasks.php on line 255 or applying the patch provided on
our homepage (http://files.syscp.org/misc/syscp-1.2.15s.patch) by
executing "patch -p0 < syscp-1.2.15s.patch".
So, for now, I have just patched our SysCP versions.
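
A post-patch check for the fix described in the mail, added here as an example (it is not code from SysCP or from the author of this post): it lists calls to PHP's plain exec() that remain in a file and ignores safe_exec(). The sample PHP lines and the function names find_bare_exec and make_sample are constructed for illustration and are not taken from scripts/cron_tasks.php.

```shell
#!/usr/bin/env bash
# Report remaining calls to PHP's plain exec() in a file.
# Prints "LINE:TEXT" per hit; returns 0 if any hit was found, 1 otherwise.
# safe_exec(), shell_exec(), ->exec() and ::exec() are not reported, because
# the match requires that no identifier character, '>' or ':' precedes "exec".
# Hits inside comments or strings are still reported and need a manual look.
find_bare_exec() {
    grep -nE '(^|[^A-Za-z0-9_>:$])exec[[:space:]]*\(' -- "$1"
}

# Constructed sample input (not SysCP source code).
make_sample() {
    cat > "$1" <<'EOF'
<?php
$out = safe_exec('ls ' . escapeshellarg($dir));
exec('mkdir -p ' . $path);
$db->exec($query);
$r = shell_exec('uptime');
if (!@exec ($cmd)) { die(); }
EOF
}

sample=$(mktemp)
make_sample "$sample"
if hits=$(find_bare_exec "$sample"); then
    printf 'bare exec() calls still present:\n%s\n' "$hits"
else
    echo 'no bare exec() calls found'
fi
rm -f "$sample"
```

On an installation, pass the path of the patched scripts/cron_tasks.php to find_bare_exec; no output and exit status 1 mean no plain exec( call is left in that file.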