movabletype-opensource possible remote execute issue: workaround
Hi,
If you use Movable Type from Debian stable, you may be exposed to a
possible SQL injection attack and remote code execution attack, as
described at
http://www.movabletype.org/2013/01/movable_type_438_patch.html
There is an update in the pipeline as discussed in
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697666
but you may wish to temporarily disable access to mt-upgrade.cgi
(which should not affect normal operation of MT) until this is
released.
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)