Yes, not older. In fact, an 8.0.1 installation is more vulnerable than 8.0.0 due to a change at line 29 of CFIDE\scripts\ajaxFCKeditor\editor\filemanager\connectors\cfm\config.cfm
--
Howard Fore, [email protected]
"The worthwhile problems are the ones you can really solve or help solve, the ones you can really contribute something to. ... No problem is too small or too trivial if we can really do something about it." - Richard P. Feynman

On Thu, Jul 2, 2009 at 6:51 PM, John Mason <[email protected]> wrote:

> Just a bit goofy writing in that article but this involves the richtext
> feature that was introduced in CF 8. So not older version at all.
>
> John
>
> Charlie Arehart wrote:
>
>> I'm curious about their phrasing of "older installations of Cold Fusion
>> applications" and FCKEditor. It was only included as of CF8 (codenamed
>> scorpio, as mentioned in this news from the fckeditor folks:
>> http://www.fckeditor.net/Adobe_to_embed_FCKeditor_in_ColdFusion). So it's
>> too bad that the opening lines suggest it affects only "older
>> installations".
>> Also, FWIW, this blog entry by an Adobe engineer
>> (http://www.rakshith.net/blog/?p=41), from 2007, says specifically that the
>> file upload feature in FCKEditor was disabled by default in CF8, so it would
>> seem only those who enabled that would have the issue.
>> Not diminishing the concern. Just saying the info shared by the seems rather
>> incomplete, and potentially confusing. But as someone already added as a
>> comment there, perhaps the real issue is the cffile upload aspect, and they
>> point readers to Pete F's recent blog entry on that.
>>
>> /charlie
>>
>>> -----Original Message-----
>>> From: [email protected] [mailto:[email protected]] On Behalf Of Dean H. Saxe
>>> Sent: Thursday, July 02, 2009 5:14 PM
>>> To: [email protected]
>>> Subject: [ACFUG Discuss] CF Attacks in the wild
>>>
>>> FYI http://bit.ly/dUdvv
>>>
>>> "There have been a high number of Cold Fusion web sites being
>>> compromised in last 24 hours. We received several e-mails about this.
>>>
>>> It appears that the attackers are exploiting web sites which have
>>> older installations of some Cold Fusion applications. These
>>> applications have vulnerable installations of FCKEditor, which is a
>>> very popular HTML text editor, or CKFinder, which is an Ajax file
>>> manager. The vulnerable installations allow the attackers to upload
>>> ASP or Cold Fusion shells which further allow them to take complete
>>> control over the server."
>>>
>>> I have known about this for a few months now, but had to be silent on
>>> it. Adobe hasn't patched it (yet) but the attacks are in the wild...
>>>
>>> -dhs
>>>
>>> Dean H. Saxe, CISSP, CEH
>>> [email protected]
>>> "If liberty means anything at all, it means the right to tell people
>>> what they do not want to hear."
>>> -- George Orwell, 1945
>>>
>>> -------------------------------------------------------------
>>> To unsubscribe from this list, manage your profile @
>>> http://www.acfug.org?fa=login.edituserform
>>>
>>> For more info, see http://www.acfug.org/mailinglists
>>> Archive @ http://www.mail-archive.com/discussion%40acfug.org/
>>> List hosted by http://www.fusionlink.com
>>> -------------------------------------------------------------
