secunia advisory

Here
http://secunia.com/advisories/18556/
they talk about a backdorr present in the system.

I cannot find the exact match with my version of etomite or modx but didn’t search for a possible migration of that piece of cde in another place.

Is modx safe from that advisory?

I checked the incriminated files and i didn’t find anythilg. We are waiting the answers of modx conceptors.

Please see this thread at Etomite.

The todo.inc.php file was never a part of our repository, and the cbd_cmm($hash) function implementation was commented out before our first release, and then completely removed from MODx on July 15th, 2005.

NOTE: maybe the solution should be to use MODx? it is another product after all...and compatible even! LOL

ahhhhh

excellent

i prefer modx anyways ..

is it possible to update my existing eto sites( pre me knowing about modx )
to modx without much hassle ? or is it a redesign ? ive kinda lost faith in eto........

Quote from: OpenGeek at Jan 22, 2006, 01:19 AM

The todo.inc.php file was never a part of our repository

There is a very important clarification in Etomite’s forum: the file todo.inc.php was added recently, by someone that managed to attack the site of Etomite.

So, there was no backdoor in the original Eto.

BUT there was a tracker (the one that has been removed from all MODx releases and from Etomite 0.6.1).

Quote from: Lizard at Jan 29, 2006, 02:33 PM

is it possible to update my existing eto sites( pre me knowing about modx )
to modx without much hassle ? or is it a redesign ? ive kinda lost faith in eto........

I’ve upgraded several Etomite sites to MODx with little or very little adjustment needed. Sometimes a snippet or two needs a change or a tweak. But for the most part, upgrading from Etomite, has not been an issue, and we’re here to help if you have any problems doing so.

Yes Etomite has a back door in it... And STILL has one! There is no mystery about it : it has been hard coded by Alex (in 0.6), and maintained by the other (in 0.6.1 RC1, RC2, RC3, RTM). So the new team is also responsible of that.
But where is the surprise? Well do you know one of the "5 Good Reasons to Choose Etomite"? Guess what : "There are no hidden-catches, no banners, and no spyware included". Good point, they got the no banners right! Have you ever chosen a product because it is spy free? Strange way to chose...
Do you know the new big brother genius idea? It is call "Name and Shame" and created on Jan 10 2006, By: Dean.
Well, fooling people is not a good way in my opinion, so I stayed away from Etomite and will remain.
It is too bad it was a good idea, but the good news is that it is in Modx now (even if it is taking thing slower). On the other hand, one may now consider Etomite has become a totally free public open project since they cannot claim any rights anymore on it (this is true in us at least).
So trust Modx and I am almost sure that the remaining catches will disappear soon from Modx. And one day if I end up using it, I’ll check the whole code to clarify that.