FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

openx -- remote code execution vulnerability

Affected packages
openx < 2.8.7

Details

VuXML ID 80b6d6cc-c970-11df-bb18-0015587e2cc1
Discovery 2010-09-14
Entry 2010-09-26

The OpenX project reported:

It has been brought to our attention that there is a vulnerability in the 2.8 downloadable version of OpenX that can result in a server running the downloaded version of OpenX being compromised.

[source]

This vulnerability exists in the file upload functionality and allows attackers to upload and execute PHP code of their choice.

References

URL http://blog.openx.org/09/security-update/
URL http://www.h-online.com/security/news/item/Web-sites-distribute-malware-via-hacked-OpenX-servers-1079099.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.