    • 17282
    • 283 Posts
    Just received some mail about this .. I take it this is NOT a problem in MODx?

    I know MODx came originally from Eto code .. I'm sure it's been totally worked over .. but I don't know much about this kinda stuff .. and I'm just checkin .. hope that doesn't offend anyone.

      Every time you use Flash ... a puppy dies .....
      R.G Taylor
      • 2762
      • 1,198 Posts
      MODx is free from these vulnerabilities - see this thread:
      http://modxcms.com/forums/index.php/topic,2467.0.html
        Free MODx Graphic resources and Templates www.tattoocms.it
        -----------------------------------------------------

        MODx IT  www.modx.it
        -----------------------------------------------------

        bubuna.com - Web & Multimedia Design
        • 33337
        • 3,975 Posts
        Quote from: Lizard at Jan 29, 2006, 01:40 PM

        Just received some mail about this .. I take it this is NOT a problem in MODx?

        I know MODx came originally from Eto code .. I'm sure it's been totally worked over .. but I don't know much about this kinda stuff .. and I'm just checkin .. hope that doesn't offend anyone.

        You can see that they stated clearly in their email,
        ...were not in the releases prior to January 11, 2006 as was previously suspected...

        So, we were separated way back on "April 8, 2005".

        I hope this clarifies any doubts.

        BUT! If you are using current Etomite releases which are infected/or-not-infected, you should fix that problem as per their instructions before migrating to MODx. AFAIK it will save you from any possible future problems.

        Best regards,

        zi
          Zaigham R - MODX Professional | Skype | Email | Twitter

          Digging the interwebs for #MODX gems and bringing it to you. modx.link
        • We stripped out all the "phone home" stuff prior to our first MODx release.
            Ryan Thrash, MODX Co-Founder
            Follow me on Twitter at @rthrash or catch my occasional unofficial thoughts at thrash.me
            • 7455
            • 2,204 Posts
            Quote from: rthrash at Jan 29, 2006, 04:35 PM

            We stripped out all the "phone home" stuff prior to our first MODx release.

            Was more like phone Alex indeed
              follow me on twitter: @dimmy01
              • 30476
              • 16 Posts
              Yes... Most of the hidden-catches and spyware have been removed from the Etomite code by the Modx team... And only minor markers are remaining but as I haven’t read the whole code, I can’t tell if they really got rid of all of the Etomite’s insanity.
              • ALL of the hidden-catches and spyware have been removed. If you have knowledge to the contrary, please share with us and we’d be glad to discuss, but I’m very familiar with the code here (as are several other team and forum members) and am not aware of any other "minor markers" remaining from the issues that have been identified in Etomite.
                  • 7455
                  • 2,204 Posts
                  At the Eto site the code was changed and uploaded to the server by this exploit; that means that the server is the security breach, not (at least not all) the code.

                  as site security was breached and those download files were replaced with cij injection exploit infected versions...

                  Dimmy
                    follow me on twitter: @dimmy01
                    • 30476
                    • 16 Posts
                    I agree that you removed the spyware and backdoor I know about in Etomite. And that’s a great thing.
                    But, just to give you an example of the bad thing in the code (so that anybody knows which CMS you are using) is that the path to "manager" is hard-coded just about everywhere in the code (the good way would be to define it in a constant).
                    Now if I want to know what you are running I know I just have to go to http://modxcms.com/manager/ on one hand this is not secure at all, on the other this is what I called a marker.
                    The same applies with "assets" (which is very particular to Etomite / Modx) and many other directories (like the snippets’ one that has nothing to do in publicly designed folder).
                    • toti,

                      You’ve got some very salient points... We’re really interested in making this as rock solid as possible. Perhaps you could coordinate with netnoise (our security focused team member) to discuss some ideas of ways to make it better... Thanks so much for keeping a sharp eye out!

                        Ryan Thrash, MODX Co-Founder
                        Follow me on Twitter at @rthrash or catch my occasional unofficial thoughts at thrash.me