News: Security vulnerability in OpenX 2.8.2

OpenX have announced a security vulnerability in version 2.8.2 of the OpenX ad server.

If you are running OpenX 2.8.2, you should immediately update to OpenX 2.8.3, or follow the instructions from OpenX to remove the vulnerable files from your OpenX ad server installation.

News: Security vulnerability in OpenX 2.8.1 and earlier

OpenX 2.8.2 was released a while ago now, and the release notes stated that:

We have completed a number of critical security updates to the ad server in OpenX 2.8.2 to reduce any potential vulnerabilities in the software.

However, it seems that the situation is more serious than this: in the past week, an actual remote code execution vulnerability has been announced in OpenX 2.8.1 and earlier.

Admittedly, based on the vulnerability report, it would appear that this remote code execution can only be triggered if you (or someone with access to your OpenX installation) upload an image banner that has a .php file name extension and contains embedded PHP code. If you are careful about what you upload as banners into your OpenX installation, it seems unlikely that you would be vulnerable.

Still, if you have not yet upgraded to the latest version of OpenX, you would be wise to consider doing so!
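
To check whether an existing installation already holds a banner matching the condition described above (a .php file name extension, or PHP code embedded in the image), the following audit sketch can be run over the directory where uploaded banners are stored. It is an added example, not OpenX code: the directory is supplied by you, the extension list is an assumption about what a PHP-enabled web server may execute, and the sample files are constructed.

```python
import os
import tempfile

# Assumption: extensions a PHP-enabled web server may hand to the interpreter.
PHP_EXTENSIONS = {".php", ".php3", ".php4", ".php5", ".phtml", ".phar"}
# Only the full open tag is matched; bare "<?" is too common in binary data.
PHP_OPEN_TAG = b"<?php"


def audit_banner_dir(root):
    """Return sorted (relative_path, reasons) for suspicious files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            reasons = []
            # Look at every dot-separated suffix, so "ad.php.gif" is flagged too.
            suffixes = {"." + part.lower() for part in name.split(".")[1:]}
            if suffixes & PHP_EXTENSIONS:
                reasons.append("php-extension")
            with open(path, "rb") as fh:
                if PHP_OPEN_TAG in fh.read().lower():
                    reasons.append("embedded-php")
            if reasons:
                findings.append((os.path.relpath(path, root), reasons))
    return sorted(findings)


def demo():
    """Build a constructed sample directory and audit it."""
    gif = b"GIF89a\x01\x00\x01\x00\x00\x00\x00;"  # minimal constructed GIF-like bytes
    marker = b"<?php /* constructed marker, no functionality */ ?>"
    samples = {
        "clean.gif": gif,
        "banner.php": gif + marker,    # the case the vulnerability report describes
        "polyglot.gif": gif + marker,  # image extension, but PHP inside
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return audit_banner_dir(root)


if __name__ == "__main__":
    for rel, reasons in demo():
        print(rel, ",".join(reasons))
```

Any file reported with both reasons matches the upload the report describes and should be removed and investigated; an "embedded-php" hit on its own is worth a manual look, since the file only becomes executable if the server maps its extension to PHP.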