[wp-hackers] xml-rpc threat ?
Scott Merrill
skippy at skippy.net
Mon Nov 7 15:07:19 GMT 2005
Podz wrote:
> http://www.theregister.co.uk/2005/11/07/linux_worm/
> http://isc.sans.org/diary.php?storyid=823
>
> "xml-rpc for php is used in a large number of popular web applications
> such as PostNuke, Drupal, b2evolution, Xoops, WordPress, PHPGroupWare
> and TikiWiki. When exploited, this could compromise a vulnerable system.
> Most of these packages should have xml-rpc for php vulnerability fixed
> in the latest version. If you are still running an old version, you
> should get it updated immediately."
>
> I'm assuming it's fixed, but confirmation ahead of any forum posts would
> be nice.
WordPress doesn't use the same XMLRPC library as most other PHP
applications, so we're generally not affected by the same problems.
--
skippy at skippy.net | http://skippy.net/
gpg --keyserver pgp.mit.edu --recv-keys 9CFA4B35
506C F8BB 17AE 8A05 0B49 3544 476A 7DEC 9CFA 4B35
More information about the wp-hackers
mailing list