In association with heise online

16 September 2010, 12:16

Update for OpenX ad server closes hole

The OpenX developers have released version 2.8.7 of their free open source ad server, likely closing the security hole discovered earlier this week. The vulnerability was the result of a third-party component integrated in OpenX's video plug-in, which allows images to be uploaded.

The "Open Flash Chart 2" module (ofc_upload_image.php) failed to check who uploaded what onto the server. The vulnerability allowed executable scripts to be uploaded and executed on the server – and criminals soon exploited it to attack the web servers of The Pirate Bay, esarcasm.com and AfterDawn.com.
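For administrators checking whether an image upload directory already holds something other than images, the following audit sketch is an added example, not code from the article or from the OpenX project. The extension list, the `<?php` marker and the sample files are assumptions constructed for illustration; point `audit_upload_dir` at whatever directory your installation's upload component writes to.

```python
import os
import tempfile

# Magic-byte prefixes of the image types an upload directory should hold.
IMAGE_MAGIC = (b"\x89PNG\r\n\x1a\n", b"\xff\xd8\xff", b"GIF8")
# Extensions a web server is commonly configured to execute (assumed list).
SCRIPT_EXTS = {".php", ".php3", ".php5", ".phtml", ".pl", ".cgi"}


def classify(name, data):
    """Return the reasons a file is suspicious (empty list means clean)."""
    reasons = []
    # Check every dot-separated part so "a.php.jpg" is caught as well.
    parts = {"." + p.lower() for p in name.split(".")[1:]}
    if parts & SCRIPT_EXTS:
        reasons.append("script extension")
    if not data.startswith(IMAGE_MAGIC):
        reasons.append("not an image by magic bytes")
    if b"<?php" in data.lower():
        reasons.append("embedded script marker")
    return reasons


def audit_upload_dir(root):
    """Walk an upload directory and map relative path -> reasons per hit."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read(1 << 20)  # only the first 1 MiB is inspected
            reasons = classify(name, data)
            if reasons:
                findings[os.path.relpath(path, root)] = reasons
    return findings


def demo():
    """Audit a constructed sample directory (all file contents are made up)."""
    samples = {
        "chart.png": IMAGE_MAGIC[0] + b"\x00" * 16,
        "banner.php": b"<?php echo 1; ?>",
        "logo.gif": b"GIF89a<?php echo 1; ?>",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return audit_upload_dir(root)
```

A clean result does not show the server was never targeted, since uploaded files may have been removed afterwards; web server access logs for requests to the upload script are the complementary source.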

In a blog post, the OpenX developers recommend that administrators upgrade to the new versions immediately because of a vulnerability. However, the release notes of version 2.8.7 don't indicate whether a hole was closed, or which hole it was. Commenting on the blog post, users have criticised the OpenX project for its slow response and scarcity of information.

(crve)

Permalink: http://h-online.com/-1080478