[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

XML_RPC warning for sites with Pear and PHP

To: <rss-dev@yahoogroups.com>, <syndic8@yahoogroups.com>, <syndication@yahoogroups.com>
Subject: XML_RPC warning for sites with Pear and PHP
From: "Bill Kearney" <wkearney@syndic8.com>
Date: Tue, 12 Jul 2005 18:21:19 -0400
Organization: http://www.ideaspace.net/users/wkearney/foaf.xrdf

Hi all,

Anyone using php with pear and the xmlrpc stuff take heed.  An exploit
exists to compromise the box.

http://www.gulftech.org/?node=research&article_id=00087-07012005

Suffice to say I'd have preferred to learn this via mail, not experience.

Meanwhile, GO, right NOW, and run 'pear list-upgrades' on your machine.  If
you're on an apache/php box, that is.

If you've got the old xml_rpc module then run 'pear upgrade XML_RPC'
Seriously consider upgrading any others that have gone stale.  Being
prepared for the usual upgrade foolishness, of course.

-Bill Kearney
Syndic8.com

Prev by Date: Analysis of Apple's new extensions vs. Yahoo's media extensions.
Next by Date: RSS Referencing
Previous by thread: Analysis of Apple's new extensions vs. Yahoo's media extensions.
Next by thread: RSS Referencing
Index(es):
- Date
- Thread