Imei flaw

Started by ComputerLady, April 19, 2006, 09:01:05 PM


ComputerLady

Pardon my confusion here, but I found a post in imei's Bug Blog regarding a 'new' remote code execution flaw found in Coppermine 1.4.4:

http://myimei.com/security/2006-04-14/copperminephotogallery144-plugininclusionsystemindexphp-remotefileinclusion-attack.html

I'm having a lot of trouble understanding the discussion surrounding the code cited, and if this is something those of us using Coppermine should be concerned about. That bug report was reflected out through Secunia's Latest Security Advisories RSS feed, but I don't see much supporting evidence in the blog post. But then, following some of that is beyond me at present.

So, my question is, is this a new bug or something we can safely ignore? (My hosting service insisted everyone update to v1.4.4 of Coppermine or face having their install of Coppermine removed after that last bug.)  ::)

Thanks! 

Joachim Müller

Split from http://forum.coppermine-gallery.net/index.php?topic=28079.0, which was a split-off from another different thread. Don't hijack threads, especially those that deal with security issues, as it will get increasingly hard for others to keep track. Search the board before posting, this is being discussed already!

ComputerLady

Finally found public discussion on this here:
http://forum.coppermine-gallery.net/index.php?topic=30504.0

Will turn on notifications for that thread so I can track this...

Joachim Müller

You'd better turn on notifications for the announcement board...

ComputerLady

Did that again, as that must have stopped working again... Thanks for the reminder!

Joachim Müller