<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Bugtraq: Re: VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit

Re: VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit

From: Maximiliano Müller <mmuller_at_sitioshispanos.com>
Date: Wed, 12 Mar 2008 01:47:29 +0000 (UTC)

Hi,

In case you didn't have this patch. Patch login.php as soon
as possible (old bug).

http://vhcs.puuhis.net/index.php?option=com_content&task=view&id=14&Itemid=1

For the new bug this is a quick solution

* to modify the php.ini and to disable shell and execute functions

disable_functions = system,system_exec,passthru,shell,shell_exec,exec

* to not permit LOAD INLINE from mysql. We can disable this feature with
the following line to the my.cnf in the section [mysqld]

local-infile=0
Received on Mar 12 2008

This message: [ Message body ]
Next message: Cisco Systems Product Security Incident Response Team: "Cisco Security Advisory: Cisco Secure Access Control Server for Windows User-Changeable Password Vulnerabilities"
Previous message: iDefense Labs: "iDefense Security Advisory 03.11.08: Microsoft Outlook mailto Command Line Switch Injection"
In reply to: gmdarkfig_at_gmail.com: "VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit"
Next in thread: app_at_gmail.com: "Re: Re: VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit"
Maybe reply: app_at_gmail.com: "Re: Re: VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]