Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Imei flaw  (Read 4603 times)

0 Members and 1 Guest are viewing this topic.

ComputerLady

  • Coppermine novice
  • *
  • Offline Offline
  • Gender: Female
  • Posts: 23
    • Design COMP
Imei flaw
« on: April 19, 2006, 09:01:05 pm »

Pardon my confusion here, but I found a post in imei's Bug Blog regarding a 'new' remote code execution flaw found in Coppermine 1.4.4:

http://myimei.com/security/2006-04-14/copperminephotogallery144-plugininclusionsystemindexphp-remotefileinclusion-attack.html

I'm having a lot of trouble understanding the discussion surrounding the code sited, and if this is something those of us using Coppermine should be concerned. That bug report was reflected out through Secunia's Latest Security Advisories RSS feed, but I don't see much supporting evidence in the blog post. But then, following some of that is beyond me at present.

So, my question is, is this a new bug or something we can safely ignore? (My hosting service insisted everyone update to v1.4.4 of Coppermine or face having their install of Coppermine removed after that last bug.)  ::)

Thanks! 
« Last Edit: April 21, 2006, 09:25:46 am by GauGau »
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Patch for Coppermine 1.4.4 remote code execution flaw
« Reply #1 on: April 19, 2006, 10:24:06 pm »

split from http://forum.coppermine-gallery.net/index.php?topic=28079.0, which was a split-off from another different thread. Don't hijack threads, especially those that deal with security issues, as it will get increasingly hard for others to keep track. Search the board before posting, this is being discussed already!
Logged

ComputerLady

  • Coppermine novice
  • *
  • Offline Offline
  • Gender: Female
  • Posts: 23
    • Design COMP
Re: Imei flaw
« Reply #2 on: April 19, 2006, 10:33:46 pm »

Finally found public discussion on this here:
http://forum.coppermine-gallery.net/index.php?topic=30504.0

Will turn on notifications for that thread so I can track this...
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Imei flaw
« Reply #3 on: April 19, 2006, 10:35:11 pm »

you better turn on notifications for the announcement board...
Logged

ComputerLady

  • Coppermine novice
  • *
  • Offline Offline
  • Gender: Female
  • Posts: 23
    • Design COMP
Re: Imei flaw
« Reply #4 on: April 19, 2006, 11:40:22 pm »

Did that again, as that must have stopped working again... Thanks for the reminder!
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Imei flaw
« Reply #5 on: April 21, 2006, 09:25:32 am »

Logged
Pages: [1]   Go Up
 

Page created in 0.02 seconds with 19 queries.