[Vtigercrm-developers] vtigercrm-developers Digest, Vol 96, Issue 46

Pabiszczak, Błażej b.pabiszczak at opensaas.pl
Thu Jan 16 11:02:27 GMT 2014


We will check this soon.


Regards
Błażej Pabiszczak
M: +48.884999123
E: b.pabiszczak at opensaas.pl


2014/1/16 <vtigercrm-developers-request at lists.vtigercrm.com>

> Today's Topics:
>
>    1. Re: SOAP vulnerability (Pabiszczak)
>    2. Re: SOAP vulnerability (Prasad)
>    3. Re: SOAP vulnerability (Prasad)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 16 Jan 2014 10:07:34 +0100
> From: Pabiszczak, Błażej <b.pabiszczak at opensaas.pl>
> To: Joe Bordes <joe at tsolucio.com>,
>         vtigercrm-developers at lists.vtigercrm.com
> Subject: Re: [Vtigercrm-developers] SOAP vulnerability
> Message-ID:
>         <
> CAD40NWYmZ7pmcM4akQY0H+9v0YEjeVb1xC1aHjcYvG_aq+0e4A at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-2"
>
> and 6.0 too.
>
>
> Regards
> Błażej Pabiszczak
> M: +48.884999123
> E: b.pabiszczak at opensaas.pl
>
>
> 2014/1/16 Joe Bordes <joe at tsolucio.com>
>
> >  Is that also true for 5.4?
> >
> >
> >
> > On 16/01/14 09:48, Prasad wrote:
> >
> > Removing vtigerolservice.php should solve the issue - as Vtiger Outlook
> > Plugin no longer requires this entry point.
> >
> >  Regards,
> > Prasad
> >
> >
> >
> > On Thu, Jan 16, 2014 at 12:04 AM, Joe Bordes <joe at tsolucio.com> wrote:
> >
> >> I see that the security patch released a few months ago seems to attend
> >> this vulnerability although I'm not totally sure. Can somebody in vtiger
> >> please confirm that the solution is in that patch, please?
> >>
> >>
> >> On 15/01/14 18:17, Joe Bordes wrote:
> >>
> >>  Hi
> >>>
> >>> Frank Piepiorra from CRMNOW just announced this on the forum:
> >>>
> >>> http://www.exploit-db.com/exploits/30787/
> >>>
> >>>
> https://discussions.vtiger.com/index.php?p=/discussion/169458/vtiger-security-alert-for-soap
> >>>
> >>>
> >>> Joe
> >>> TSolucio
> >>>
> >>> _______________________________________________
> >>> http://www.vtiger.com/
> >>>
> > --
> > Regards
> > Joe
> > TSolucio
>
> ------------------------------
>
> Message: 2
> Date: Thu, 16 Jan 2014 14:41:44 +0530
> From: Prasad <prasad at vtiger.com>
> To: Joe Bordes <joe at tsolucio.com>,
>         "vtigercrm-developers at lists.vtigercrm.com"
>         <vtigercrm-developers at lists.vtigercrm.com>
> Subject: Re: [Vtigercrm-developers] SOAP vulnerability
> Message-ID:
>         <
> CAMeS7pmqgY7V+kriB6v5V4iysRiD1ovm3dFp8NarJdk_KJn_aQ at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Our team is verifying on older versions.
>
>
> On Thu, Jan 16, 2014 at 2:33 PM, Joe Bordes <joe at tsolucio.com> wrote:
>
> >  Is that also true for 5.4?
>
> ------------------------------
>
> Message: 3
> Date: Thu, 16 Jan 2014 16:08:26 +0530
> From: Prasad <prasad at vtiger.com>
> To: "vtigercrm-developers at lists.vtigercrm.com"
>         <vtigercrm-developers at lists.vtigercrm.com>
> Subject: Re: [Vtigercrm-developers] SOAP vulnerability
> Message-ID:
>         <CAMeS7p=
> 5JXfzw8db1H2Qp9sv4mhScY29j+N9vHLu9A9b0hVTvQ at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-2"
>
> The exploit explained cannot succeed if the soap-session is not active
> through outlook plugin (older versions). I have devised a fix to handle the
> filename being uploaded -
> http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/7903
>
> Please review.
>
> Regards,
> Prasad
>
>
>
>
> On Thu, Jan 16, 2014 at 2:37 PM, Pabiszczak, Błażej <
> b.pabiszczak at opensaas.pl> wrote:
>
> > and 6.0 too.
>
> ------------------------------
>
> End of vtigercrm-developers Digest, Vol 96, Issue 46
> ****************************************************
>