[Typo3-dev] Santy.a Worm and Typo3 3.5
Karsten Dambekalns
k.dambekalns at fishfarm.de
Thu Dec 23 12:35:43 CET 2004
Hi.
On 2004-12-22, Luc de Louw <luc.delouw at bit-heads.ch> wrote:
> Jim Neumann wrote:
>> 2. Is Typo 3.5 compatible with php 4.3.10 (which closes the door
>> to this worm)?
>
> yes
Correct, although the worm doesn't seem to exploit a PHP
vulnerability, this is a 'pure' phpBB bug according to
http://isc.sans.org/diary.php?date=2004-12-21, section "Errata".
>> 1. Is Typo 3.5 vunerable to this worm?
>> 3. Is Typo 3.7.0 vunerable to this worm?
>
> AFAIK no[1]
>
> [1] The Santy worm is searching trough google for "viewtopic.php" (a
> specific phpBB code which allows the "highlight-expoit"). Google bocked
Yes. The only case when it might be vulnerable is when the phpBB
extension is used (which is more or less a wrapper around
phpBB). Since that extension never was stable, the number of
deployments should be low.
Karsten
More information about the TYPO3-dev
mailing list