ezPublish 3.8.10 ~ file upload attack?

Next topic

Author	Message
stephen Gazard	Friday 22 February 2008 3:53:21 am Hello, I'm running v3.8.10 our hosts have shut off access to the a site running ezpublish because they've told me it appears someone (IP address registered in Brazil) is/was trying to upload a file to the site attacking this version. At the moment I'm sketchy on the details because my host has not (yet) provided me with much information, but I was wondering if anyone had similar problems. The secunia advisories and other such don't specify such a vulnerability, but I realise the 3.8.x branch is no longer supported. This happened after a very recent upgrade from 3.8.6 (legacy site; we've taken over maintenance), but I'm wondering if anything is known, or what I should be checking for as I'm not very familiar with the workings. Regards, Stephen
Andreas Kaiser	Wednesday 27 February 2008 3:10:23 am I would search the changelogs: http://ez.no/download/ez_publish/changelogs to find if there was any related security problem in 3.8.x versions corrected in 3.9.x (3.8.x is not more supported 3.8.10 was the last release...) eZ Partner in Madrid (Spain) Web: http://www.atela.net/
Ekkehard Dörre	Wednesday 27 February 2008 8:37:06 am hi, here are the known Security Advisories : http://ez.no/developer/security/security_advisories greetings, ekke http://www.coolscreen.de - Over 40 years of certified eZ Publish know-how: http://www.cjw-network.com CJW Newsletter: http://projects.ez.no/cjw_newsletter - http://cjw-network.com/en/ez-publ...w-newsletter-multi-channel-marketing

Author

Message

Friday 22 February 2008 3:53:21 am

Hello,

I'm running v3.8.10 our hosts have shut off access to the a site running ezpublish because they've told me it appears someone (IP address registered in Brazil) is/was trying to upload a file to the site attacking this version.

At the moment I'm sketchy on the details because my host has not (yet) provided me with much information, but I was wondering if anyone had similar problems. The secunia advisories and other such don't specify such a vulnerability, but I realise the 3.8.x branch is no longer supported.

This happened after a very recent upgrade from 3.8.6 (legacy site; we've taken over maintenance), but I'm wondering if anything is known, or what I should be checking for as I'm not very familiar with the workings.

Regards,
Stephen

Andreas Kaiser

Wednesday 27 February 2008 3:10:23 am

I would search the changelogs: http://ez.no/download/ez_publish/changelogs to find if there was any related security problem in 3.8.x versions corrected in 3.9.x (3.8.x is not more supported 3.8.10 was the last release...)

eZ Partner in Madrid (Spain)
Web: http://www.atela.net/

Ekkehard Dörre

Wednesday 27 February 2008 8:37:06 am

hi,

here are the known Security Advisories :

http://ez.no/developer/security/security_advisories

greetings, ekke

http://www.coolscreen.de - Over 40 years of certified eZ Publish know-how: http://www.cjw-network.com
CJW Newsletter: http://projects.ez.no/cjw_newsletter - http://cjw-network.com/en/ez-publ...w-newsletter-multi-channel-marketing