Re: Security hole in Confixx backup script

[Sergey Lystsev <slystsev () sw-soft com>]

You did not mention in which Confixx version you have found these errors.

Confixx development team can say, that all 3 mentioned issues:
* http://lists.netsys.com/pipermail/full-disclosure/2004-July/024388.html
* http://lists.netsys.com/pipermail/full-disclosure/2004-August/024647.html
* http://lists.netsys.com/pipermail/full-disclosure/2004-August/024899.html
are fixed now (since 19 July 2004).

The properly updated system is free of these vulnerabilities. To get 
properly updated system user needs to:

1) install Confixx Professional 3.0.3 patch. 
        User can download it from the URL 
ftp://download1.sw-soft.com/Confixx/ConfixxPro3/3.0.3/
        Also user may use one of the direct links below (choose proper mysql 
version):
ftp://download1.sw-soft.com/Confixx/ConfixxPro3/3.0.3/confixx_update_Pro_3.0.3_mysql4.tgz
ftp://download1.sw-soft.com/Confixx/ConfixxPro3/3.0.3/confixx_update_Pro_3.0.3_mysql3.tgz

2) install hotfix #002 for Confixx Professional 3.0.3:
ftp://download1.sw-soft.com/Confixx/ConfixxPro3/3.0.3/confixx_v3.0.3_hotfix_002.sh.gz

Please read the release notes before installing:
ftp://download1.sw-soft.com/Confixx/ConfixxPro3/3.0.3/hotfix_002_release_notes.txt

3) install hotfix #003 for Confixx Professional 3.0.3 (choose proper mysql 
version): 
ftp://download1.sw-soft.com/Confixx/ConfixxPro3/3.0.3/confixx_v3.0.3_mysql3_hotfix_003.sh.gz
ftp://download1.sw-soft.com/Confixx/ConfixxPro3/3.0.3/confixx_v3.0.3_mysql4_hotfix_003.sh.gz

Please read the release notes before installing:
ftp://download1.sw-soft.com/Confixx/ConfixxPro3/3.0.3/hotfix_003_release_notes.txt

Each of mentioned files user can also download from 
http://www.sw-soft.com/en/download/confixx/confixx3/

with best regards
-- 
Sergey Lystsev

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html