Security issue in XML-RPC library

You might have come across the security bulletin already, but there's quite a serious security issue in the PHP XML-RPC Library that is used by Nucleus and a bunch of other projects. Untill we have a new package available for download with the updated library, here is how to disable XML-RPC support on Nucleus:

  1. Delete the /nucleus/xmlrpc/ directory on your server. This will remove the XML-RPC server from Nucleus. As a result, nobody will be able to connect to Nucleus using external tools (wbloggar to name just one) anymore.
  2. In the /nucleus/libs/ directory, replace xmlrpc.inc.php and xmlrpcs.inc.php by empty files. These are the actual libraries. Though this step is optional, you should do this just to be sure. Do keep in mind that after this, pinging weblogs.com won't work anymore.

After these steps have been completed, the XML-RPC library is fully removed and your Nucleus installation is safe again. We're wrapping up a release with a fixed version of the library, which should be avaliable as soon as possible.



30/06 - Permalink

Valid XHTML. © 2001-2006 The Nucleus Group. Hosting sponsored by Chris. Design by Ivan Fong