FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

openx -- remote code execution vulnerability

Affected packages
openx < 2.8.7

Details

VuXML ID 80b6d6cc-c970-11df-bb18-0015587e2cc1
Discovery 2010-09-14
Entry 2010-09-26

The OpenX project reported:

It has been brought to our attention that there is a vulnerability in the 2.8 downloadable version of OpenX that can result in a server running the downloaded version of OpenX being compromised.

This vulnerability exists in the file upload functionality and allows attackers to upload and execute PHP code of their choice.

References

URL http://blog.openx.org/09/security-update/
URL http://www.h-online.com/security/news/item/Web-sites-distribute-malware-via-hacked-OpenX-servers-1079099.html