I'm curious about their phrasing of "older installations of Cold Fusion applications" and FCKEditor. It was only included as of CF8 (codenamed scorpio, as mentioned in this news from the fckeditor folks: http://www.fckeditor.net/Adobe_to_embed_FCKeditor_in_ColdFusion). So it's too bad that the opening lines suggest it affects only "older installations".
Also, FWIW, this blog entry by an Adobe engineer (http://www.rakshith.net/blog/?p=41), from 2007, says specifically that the file upload feature in FCKEditor was disabled by default in CF8, so it would seem only those who enabled that who would have the issue. Not diminishing the concern. Just saying the info shared by the seems rather incomplete, and potentially confusing. But as someone already added as a comment there, perhaps the real issue is the cffile upload aspect, and they point readers to Pete F's recent blog entry on that. /charlie > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of Dean H. > Saxe > Sent: Thursday, July 02, 2009 5:14 PM > To: [email protected] > Subject: [ACFUG Discuss] CF Attacks in the wild > > FYI http://bit.ly/dUdvv > > "There have been a high number of Cold Fusion web sites being > compromised in last 24 hours. We received several e-mails about this. > > It appears that the attackers are exploiting web sites which have > older installations of some Cold Fusion applications. These > applications have vulnerable installations of FCKEditor, which is a > very popular HTML text editor, or CKFinder, which is an Ajax file > manager. The vulnerable installations allow the attackers to upload > ASP or Cold Fusion shells which further allow them to take complete > control over the server." > > I have known about this for a few months now, but had to be silent on > it. Adobe hasn't patched it (yet) but the attacks are in the wild... > > -dhs > > Dean H. Saxe, CISSP, CEH > [email protected] > "If liberty means anything at all, it means the right to tell people > what they do not want to hear." > -- George Orwell, 1945 > > > > > > ------------------------------------------------------------- > To unsubscribe from this list, manage your profile @ > http://www.acfug.org?fa=login.edituserform > > For more info, see http://www.acfug.org/mailinglists > Archive @ http://www.mail-archive.com/discussion%40acfug.org/ > List hosted by http://www.fusionlink.com > ------------------------------------------------------------- > > ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -------------------------------------------------------------
