Warning: security vulnerability in ispCP Omega 1.0.0 RC2 and earlier
17 views
Skip to first unread message
Pieter Verhaeghe
Apr 24, 2007, 6:58:42 PM4/24/07
to ispcp-a...@googlegroups.com
Raphael (atomo64) today posted a security vulnerability in our bug
tracker. We implemented as soon as possible a fix to solve this
vulnerability. As a result you can download the new release candidate
RC2b on www.isp-control.net
tracker. We implemented as soon as possible a fix to solve this
vulnerability. As a result you can download the new release candidate
RC2b on www.isp-control.net
For fixing only the critical security bug, there is a patch available
on http://downloads.sourceforge.net/ispcp/ispcp-omega-1.0.0-rc2-security-patch.txt
With the next command you can install the patch:
patch -cl -d /var/www/ispcp < /path/to/ispcp-omega-1.0.0-rc2-security-patch.txt
To manually fix the security bug add the following line above in the
file /var/www/ispcp/gui/include/sql.php immediately below the
commented text (around line 20):
$include_path = realpath(dirname(__FILE__));
We thank Raphael to reporting this security bug and we hope everyone
using ispCP Omega will patch this bug.
Reply all
Reply to author
Forward
0 new messages