Yep, that is the same, and while they work on a real fix, that bulletin warns of some key things to lock down in the meantime (as I did in my blog entries, though /CFIDE/componentutils was not one I'd seen used in any of the compromises I found. It was always CFIDE/adminapi, and I have asked Adobe about that, since they make no mention of it.)
/charlie

From: [email protected] [mailto:[email protected]] On Behalf Of Frank Moorman
Sent: Thursday, January 10, 2013 6:15 AM
To: [email protected]
Subject: Re: [ACFUG Discuss] New CF Vulnerability - Check your servers

All,

I received a new HackMyCF report on one of my sites earlier... It had a brand new "CRITICAL" error that I never saw before...

ComponentUtils Exposed to the Public
The /CFIDE/componentutils/ directory is open to the public it should be locked down to prevent exploit.

I went and immediately locked it down like my existing administrator and adminapi directories... Is this related to all the compromised servers in the past month?

Ok, I did some searching and I found out that yes, this directory is listed by Adobe in their latest security bulletin. (and I assume is related to the recent hacks...) However, I think that it is important to share with the group...

On 01/03/2013 08:50 AM, Cameron Childress wrote:

FYI - worth reading up on this.

http://www.carehart.org/blog/client/index.cfm/2013/1/2/serious_security_threat
http://www.carehart.org/blog/client/index.cfm/2013/1/2/Part2_serious_security_threat

-Cameron

--
Cameron Childress
--
p: 678.637.5072
im: cameroncf
facebook <http://www.facebook.com/cameroncf> | twitter <http://twitter.com/cameronc> | google+ <https://profiles.google.com/u/0/117829379451708140985>

-------------------------------------------------------------
To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink <http://www.fusionlink.com>
-------------------------------------------------------------
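
A log audit for the lock-down discussed in this thread, added here as an example and not code from any of the posters, Adobe or HackMyCF: it reports requests to the three /CFIDE directories named above that were served to clients outside a trusted range. The combined log format, the TRUSTED networks and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Directories the thread says to lock down.
SENSITIVE = ("/cfide/administrator", "/cfide/adminapi", "/cfide/componentutils")
# Assumption: networks allowed to reach those paths; adjust for your site.
TRUSTED = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8")]
# A locked-down directory should answer outsiders with one of these.
BLOCKED = {401, 403, 404}
# Common/combined log format: client, identity, user, [time], "request", status.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+)[^"]*" (\d{3})')

def normalize(raw):
    """Drop the query string, URL-decode, lower-case and collapse slashes."""
    path = unquote(raw.split("?", 1)[0]).replace("\\", "/").lower()
    return re.sub(r"/+", "/", path)

def is_trusted(client):
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return False  # logged hostname instead of an IP: treat as untrusted
    return any(addr in net for net in TRUSTED)

def exposed_hits(lines):
    """Return (client, path, status) for sensitive paths served to outsiders."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        client, raw, status = m.group(1), m.group(2), int(m.group(3))
        path = normalize(raw)
        sensitive = any(path == p or path.startswith(p + "/") for p in SENSITIVE)
        if sensitive and status not in BLOCKED and not is_trusted(client):
            hits.append((client, path, status))
    return hits

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [10/Jan/2013:06:01:02 -0500] "GET /CFIDE/componentutils/ HTTP/1.1" 200 512',
    '198.51.100.9 - - [10/Jan/2013:06:01:05 -0500] "GET /cfide//AdminAPI/ HTTP/1.1" 200 90',
    '203.0.113.7 - - [10/Jan/2013:06:02:00 -0500] "GET /CFIDE/administrator/ HTTP/1.1" 403 0',
    '10.1.2.3 - - [10/Jan/2013:06:03:00 -0500] "GET /CFIDE/administrator/ HTTP/1.1" 200 4096',
    '203.0.113.7 - - [10/Jan/2013:06:04:00 -0500] "GET /index.cfm HTTP/1.1" 200 1024',
    '198.51.100.9 - - [10/Jan/2013:06:05:00 -0500] "GET /CFIDE/%61dminapi/ HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for hit in exposed_hits(SAMPLE):
        print(hit)
```

Any row it returns means that directory answered an outside client with something other than a denial, so the web-server restriction for that path is missing or not matching the request as logged.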
