lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <200408131747.20469.slystsev@sw-soft.com>
From: slystsev at sw-soft.com (Sergey Lystsev)
Subject: Security hole in Confixx backup script

You did not mention in which Confixx version you have found these errors.

Confixx development team can say, that all 3 mentioned issues:
* http://lists.netsys.com/pipermail/full-disclosure/2004-July/024388.html
* http://lists.netsys.com/pipermail/full-disclosure/2004-August/024647.html
* http://lists.netsys.com/pipermail/full-disclosure/2004-August/024899.html
are fixed now (since 19 July 2004).

The properly updated system is free of these vulnerabilities. To get 
properly updated system user needs to:

1) install Confixx Professional 3.0.3 patch. 
	User can download it from the URL 
ftp://download1.sw-soft.com/Confixx/ConfixxPro3/3.0.3/
	Also user may use one of the direct links below (choose proper mysql 
version):
ftp://download1.sw-soft.com/Confixx/ConfixxPro3/3.0.3/confixx_update_Pro_3.0.3_mysql4.tgz
ftp://download1.sw-soft.com/Confixx/ConfixxPro3/3.0.3/confixx_update_Pro_3.0.3_mysql3.tgz

2) install hotfix #002 for Confixx Professional 3.0.3:
ftp://download1.sw-soft.com/Confixx/ConfixxPro3/3.0.3/confixx_v3.0.3_hotfix_002.sh.gz

Please read the release notes before installing:
ftp://download1.sw-soft.com/Confixx/ConfixxPro3/3.0.3/hotfix_002_release_notes.txt

3) install hotfix #003 for Confixx Professional 3.0.3 (choose proper mysql 
version): 
ftp://download1.sw-soft.com/Confixx/ConfixxPro3/3.0.3/confixx_v3.0.3_mysql3_hotfix_003.sh.gz
ftp://download1.sw-soft.com/Confixx/ConfixxPro3/3.0.3/confixx_v3.0.3_mysql4_hotfix_003.sh.gz

Please read the release notes before installing:
ftp://download1.sw-soft.com/Confixx/ConfixxPro3/3.0.3/hotfix_003_release_notes.txt

Each of mentioned files user can also download from 
http://www.sw-soft.com/en/download/confixx/confixx3/

with best regards
-- 
Sergey Lystsev

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ