[Web4lib] Important information for users of PKP Open Conference
Systems
Mark Jordan
mjordan at sfu.ca
Tue Oct 17 19:26:26 EDT 2006
A serious security flaw has been discovered in version 1.x of the PKP
Open Conference Systems. Further information and a patch is available at
http://www.lib.sfu.ca/about/pkp_exploit.htm
You are urged to apply this patch as soon as possible since intruders
can potentially take advantage of privilege escalation to gain control
of the hosting server. You should check to see if there have been any
logins by privileged users from unauthorized IP addresses in the last
week or so and if any suspicious files have been uploaded to the hosting
server.
This vulnerability does not affect the PKP Open Journal Systems or the
PKP Metadata Harvester.
Please forward this message to anyone who you know uses one of these
applications.
Mark
Mark Jordan
Head of Library Systems
W.A.C. Bennett Library, Simon Fraser University
Burnaby, British Columbia, V5A 1S6, Canada
Phone (604) 291 5753 / Fax (604) 291 3023
mjordan at sfu.ca / http://www.sfu.ca/~mjordan/
More information about the Web4lib
mailing list