CaLogic Calendar

For urgent and private issues, open a support ticket instead of posting: https://secure.installatron.com/tickets
jimmy_blacknight
Posts: 7
Joined: Tue Oct 16, 2007 3:26 am

CaLogic Calendar

Postby jimmy_blacknight » Tue Oct 16, 2007 3:32 am

Hi Guys

We have had some issues with this last night, seems there is a scripting vulnerability issue in it. We had a number of attacks on installs of the calendar last night.

We have found the following extract in our logs:
/calogic/mcconfig.php?CLPATH=http://www.reasons.org/js/insert?

I realise that this is not your issue as such, but you guys may have more "push" on getting it resolved. I am also reporting it to calogic

Rowan
Staff
Posts: 235
Joined: Tue Jun 19, 2007 7:39 am

Re: CaLogic Calendar

Postby Rowan » Wed Oct 17, 2007 1:13 am

Thanks for letting us know about this.

If you hear anything from the authors please post it here.

In the meantime I'll see if I can patch a fix into the installer.

Rowan.

Rowan
Staff
Posts: 235
Joined: Tue Jun 19, 2007 7:39 am

Re: CaLogic Calendar

Postby Rowan » Wed Oct 17, 2007 1:51 am

It turns out that CaLogic had already patched the security hole, but has retained the same "1.22" version number so we didn't see it as a new release.

Only servers that downloaded the archive from our mirrors (rather than the home source) would have got the old file.

Anyway I've updated the installer and included an upgrader.

Rowan.


Return to “Administrative Technical Discussion and Troubleshooting”

Who is online

Users browsing this forum: No registered users and 1 guest