Aug 18, 2006 :: Zen Cart (osCommerce) vulnerability

Started by Jason, August 18, 2006, 08:44:23 AM

Jason

I received this email today from the Zen Cart team.  If you are running Zen Cart (and possibly osCommerce which Zen Cart is based off of), I'd HIGHLY recommend you look into this immediately.
- - - - - - - -


A security vulnerability has been reported with Zen Cart v1.3.0, v1.3.0.1, and v1.3.0.2 whereby hackers could potentially invade and abuse the site.

The patches posted here should be applied to your site immediately if you are using v1.3.0x:
http://www.zen-cart.com/forum/showthread.php?t=43579

Zen Cart takes security matters seriously, and will be incorporating these fixes in the next release, along with other bugfixes after we conduct another security audit.

Sincerely,
The Zen Cart team

Mark

Jesus, is there some magical security hole that just popped up in PHP or something? It's looking like there's all kinds of PHP scripts undergoing major security fix releases.

Did you know there are about 40 Mambo/Joomla 3rd party components that have these major security holes too? It's crazy.

Jason

Quote from: Killer Possum on August 18, 2006, 11:01:43 AM
Did you know there are about 40 Mambo/Joomla 3rd party components that have these major security holes too? It's crazy.

I didn't, but that's good to know.

My guess is that some sort of PHP function had some sort of vulnerability that is applying to every script out there that uses it similarly.  Many (if not all?) seem to be injection vulnerabilities for this latest round.

Technology.  What can you do other than to patch everything as soon as you see notices like this!  :)

Mark

Quote from: Jason on August 18, 2006, 11:08:30 AM
Technology.  What can you do other than to patch everything as soon as you see notices like this!  :)

True.

Jason

A new security release as of 9/1/2006:
----------------------------------------------------


This is a follow-up reminder that if you are running Zen Cart v1.3.0, v1.3.0.1, or v1.3.0.2, you are advised to install the Security Patch immediately.

Security Patch details can be found here:
http://www.zen-cart.com/forum/showthread.php?t=43579

Additionally, REGARDLESS OF VERSION, if you haven't already taken the recommended steps to secure your site, it is good practice in the online world to take precautions to protect your store. A number of guidelines are distributed with Zen Cart documentation, but are also available online here:
http://www.zen-cart.com/wiki/index.php/Important_Site_Security_Recommendations

Zen Cart takes security issues seriously, and has fixed the reported security problems for the soon-to-be-released v1.3.5 code which has a lengthy list of enhancements in addition to fixes following a full re-audit of security issues in the code.

Please update your site ASAP to protect yourself from those who have nothing better to do than wreak havoc on your business website.

Regards,
The Zen Cart Team


Note: Replies to this email will not be read. If you have questions or problems, please post them to the support forum at http://www.zen-cart.com