Bugtraq mailing list archives
Re: VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit
From: Maximiliano Müller <mmuller () sitioshispanos com>
Date: Wed, 12 Mar 2008 01:47:29 +0000 (UTC)
Hi, In case you didn't have this patch. Patch login.php as soon as possible (old bug). http://vhcs.puuhis.net/index.php?option=com_content&task=view&id=14&Itemid=1 For the new bug this is a quick solution * to modify the php.ini and to disable shell and execute functions disable_functions = system,system_exec,passthru,shell,shell_exec,exec * to not permit LOAD INLINE from mysql. We can disable this feature with the following line to the my.cnf in the section [mysqld] local-infile=0
Current thread:
- VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit gmdarkfig (Mar 10)
- Re: VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit Maximiliano Müller (Mar 12)
- <Possible follow-ups>
- Re: Re: VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit app (Mar 13)
- Re: Re: Re: VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit sad_wabi_user (Mar 13)