RE: XML_RPC warning for sites with Pear and PHP

Thanks, Bill, for the heads-up! :)

-Gary Berosik

-----Original Message-----
From: rss-dev@...
[mailto:rss-dev@...]On Behalf
Of Bill Kearney
Sent: Tuesday, July 12, 2005 5:21 PM
To: rss-dev@...; syndic8@...;
syndication@...
Subject: [RSS-DEV] XML_RPC warning for sites with Pear and PHP
Importance: High

Hi all,

Anyone using php with pear and the xmlrpc stuff take heed.  An exploit
exists to compromise the box.

http://www.gulftech.org/?node=research&article_id=00087-07012005

Suffice to say I'd have preferred to learn this via mail, not experience.

Meanwhile, GO, right NOW, and run 'pear list-upgrades' on your machine.  If
you're on an apache/php box, that is.

If you've got the old xml_rpc module then run 'pear upgrade XML_RPC'
Seriously consider upgrading any others that have gone stale.  Being
prepared for the usual upgrade foolishness, of course.