Part of the EllisLab Network
xml-rpc exploit?
Posted: 04 July 2005 11:44 PM  |  Grad Student

http://it.slashdot.org/article.pl?sid=05/07/04/2153224&tid=95&tid=172&tid=169

Is pMachine vulnerable to this attack, and if so, is there a fix?

 
 
Posted: 05 July 2005 01:15 AM  [ # 1 ]  |  Administrator

This is a PHP flaw that can only be fixed by updating your PHP installation with the patches; it’s not an application problem. Contact your hosting provider if they are not aware of the problem.

 
 
Posted: 05 July 2005 01:38 AM  [ # 2 ]  |  Administrator

Actually, the initial security report we saw from Netcraft earlier indicated this was purely a PHP flaw, but there are conflicting reports. We’ll look into it.

 
 
Posted: 05 July 2005 02:08 PM  [ # 3 ]  |  Research Scientist

See the new announcement.

Chris Curtis
chriscurtis.org
 
 
Posted: 08 July 2005 01:09 PM  [ # 4 ]  |  Research Assistant

Was this announcement sent out to the newsletter? I did not see an announcement. I thought that security issues were to be sent via the newsletter. Am I wrong, or did I just miss it?

 
 
Posted: 11 October 2005 04:08 PM  [ # 5 ]  |  Summer Student
Chris Curtis wrote (05 July 2005 02:08 PM):
    See the new announcement.

Something went bad here…
I cannot access the URL
http://expressionengine.com/forums/viewannounce/24385_19/

Error
The following errors were encountered:
You are not authorized to perform this action

All I came here for is to find information about the xmlrpc exploit.

I signed up on this board and still can’t access this page. Same error as above.

I am denied access to security information.

I just want to make sure my server is not exploitable by the xmlrpc.inc files that are INSIDE Pmachine_Free.

If she is exploitable, I will probably see sh, bash, httpd, r0nin or some such worms uploaded soon.

cPanel has Fantastico.
Fantastico has Pmachine_Free.
Pmachine_Free doesn’t say what version she is.
I look physically at the index.php and it says Version 2.3.

This is all supposed to be updated nightly in cPanel.
I don’t always like automated things.
Anyway, as a sanity check, I do a
locate xmlrpc.inc

and I see master_files/Pmachine_Free/pm/xmlrpc/xmlrpc.inc
among others I am tracking down.

Assuming this is the NEW install source directory:

Is she patched up, or is she supposed to be removed?
If she is patched, may I please get an md5sum for a patched xmlrpc.inc and xmlrpcs.inc?

It says v1.20 2003/1/10 22:01:56 in the comments.

Some other examples, to get you to understand where I am coming from:
PostNuke: I have to physically delete these files and turn it off in admin. New builds are not gonna have xmlrpc.
Drupal: the latest version is patched.

PS. Could you please make a security forum, or www.pmachine.com/security,
    or something that anonymous (non-registered board members) can check for security at a GLANCE?
    I came in on the fly to help someone lock down their box.

PSPS. I CURRENTLY suggest she TURN OFF, in cPanel, Fantastico’s Pmachine_Free until I solve this, savvy?
    So please get back to me.

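The sanity check in the post above (locate every copy of the library, read the version comment, take a checksum, decide whether the copy is patched) written out as a script. This is an added example and not code from the thread or from pMachine/EllisLab. It assumes find, sed and grep, md5sum (falling back to md5 on BSD/macOS), and that the library's version lives in the "$Id: xmlrpc.inc,v 1.20 2003/01/10 ..." CVS tag the poster quotes. The two fixture files it writes are constructed stand-ins, not real pMachine files: the "old" copy mimics the eval()-based value parsing that the July 2005 PHP XML-RPC advisory concerned (the patched libraries dropped the eval entirely), so the scan flags any copy whose parser still calls eval() instead of relying on a version string alone.

```shell
#!/bin/sh
# Added example, not from the original thread. Inventory every xmlrpc.inc /
# xmlrpcs.inc under a directory and print: STATUS  VERSION  MD5  PATH.

# Does this copy still hand parser-built PHP source to eval()?
# Exit 0 = yes (treat as unpatched), 1 = no eval() call found.
xmlrpc_uses_eval() {
    grep -Eq 'eval[[:space:]]*\(' "$1"
}

# Pull the CVS revision (e.g. "1.20") out of the "$Id: xmlrpc.inc,v ..." tag.
# Prints nothing if the file carries no such tag.
xmlrpc_version() {
    sed -n 's/.*\$Id: xmlrpcs\{0,1\}\.inc,v \([0-9.]*\) .*/\1/p' "$1" | head -n 1
}

# md5 of one file; md5sum on Linux, md5 on BSD/macOS (assumed to exist).
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        md5 -q "$1"
    fi
}

# Walk DIR and report one tab-separated line per library copy found.
scan_xmlrpc() {
    find "$1" \( -name xmlrpc.inc -o -name xmlrpcs.inc \) -type f | sort |
    while read -r f; do
        ver=$(xmlrpc_version "$f")
        sum=$(file_md5 "$f")
        if xmlrpc_uses_eval "$f"; then status=UNPATCHED; else status=ok; fi
        printf '%s\t%s\t%s\t%s\n' "$status" "${ver:-unknown}" "$sum" "$f"
    done
}

# Constructed fixtures standing in for a Fantastico install tree (hypothetical,
# not real pMachine files): one eval-based copy, one with the eval removed.
make_fixtures() {
    root=$(mktemp -d)
    mkdir -p "$root/old/pm/xmlrpc" "$root/new/pm/xmlrpc"
    cat > "$root/old/pm/xmlrpc/xmlrpc.inc" <<'EOF'
<?php
// $Id: xmlrpc.inc,v 1.20 2003/01/10 22:01:56 someone Exp $
function xmlrpc_ee($parser, $name) {
    // parser glues tag data into PHP source and evaluates it
    eval('$val = ' . $_xh[$parser]['st'] . ';');
}
EOF
    cat > "$root/new/pm/xmlrpc/xmlrpc.inc" <<'EOF'
<?php
// $Id: xmlrpc.inc,v 1.40 2005/07/05 10:00:00 someone Exp $
function xmlrpc_ee($parser, $name) {
    $val = new xmlrpcval($_xh[$parser]['ac'], 'string');
}
EOF
    echo "$root"
}

# Usage: run stand-alone to see the report for the constructed tree.
# On a real host, call: scan_xmlrpc /home   (or wherever Fantastico unpacks).
demo_root=$(make_fixtures)
scan_xmlrpc "$demo_root"
rm -rf "$demo_root"
```

Read the report the way the poster wanted: an UNPATCHED row means the copy still contains the eval() path regardless of what its version tag says, and the md5 column is what you compare against a known-good download rather than trusting the Fantastico master_files directory to have been refreshed.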
 
 
Posted: 11 October 2005 05:31 PM  [ # 6 ]  |  Administrator

pM Free isn’t even available anymore. It’s been replaced with pM Pro, which you can download from our download area. You are encouraged to update to the latest version rather than continuing to use the Fantastico version. We notified Fantastico long ago that the version is out of date, but they have not updated it.

 
 