OJS OCS OMP OHS

You are viewing the PKP Support Forum | PKP Home Wiki

PKP Support

Support forums for the Public Knowledge Project

Skip to content


Software Hosting and Development Services available at PKP Publishing Services

As the developers of Open Journal Systems, Open Conference Systems, Open Harvester Systems, and Open Monograph Press, the PKP team are experts in helping journal managers and conference organizers make the most of their online publishing projects. PKP Publishing Services offers support for:

As a customer of PKP Publishing Services, you will not only receive direct, personalized support from the PKP Development Team, but will be contributing to the ongoing development of the PKP applications. All funds raised by PKP Publishing Services go directly toward enhancing our free, open source software. For more information, please contact us.

Security vulnerability in Open Conference Systems (OCS) 1.x

Are you a Director, Presenter, Reviewer or Conference Manager in need of help? Want to talk to us about workflow issues? This is your forum.

Moderators: jmacgreg, michael

Forum rules
This forum is meant for general questions about the usability of OCS from an everyday user's perspective: conference managers, presenters, and directors are welcome to post questions here, as are librarians and other support staff. We welcome general questions about the role of OCS and how the workflow works, as well as specific function- or user-related questions.

What to do if you have general, workflow or usability questions about OCS:

1. Read the documentation. We've written documentation to cover from OCS basics to system administration and code development, and we encourage you to read it.

2. take a look at the tutorials. We will continue to add tutorials covering OCS basics as time goes on.

3. Post a question. Questions are always welcome here, but if it's a technical question you should probably post to the OCS Technical Support subforum; if you have a development question, try the OCS Development subforum.
Post a reply

Security vulnerability in Open Conference Systems (OCS) 1.x

Postby kstranac » Fri Oct 20, 2006 11:43 am

A serious security vulnerability has been discovered in PKP Open Conference Systems (OCS) 1.x.

Details are available at:

http://www.securityfocus.com/archive/1/448548/30/30/threaded

A patch is available to correct the problem. You should apply this patch immediately by running

patch -p1 < cumulative.diff

in the ocs installation directory.

Intruders can take advantage of this expoit through privilege escalation to gain control of the hosting server. You should check to see if there have been any logins by privileged users from unauthorized IP addresses in the last week. Also, exploit attempts can be found by searching the logs for requests to theme.inc.php and footer.inc.php with "fullpath" specified as a URL parameter.

This vulnerability does not affect the PKP Open Journal Systems or the PKP Metadata Harvester. It does not affect any of the more recent OCS 2.x releases.

If you have any questions about this exploit, please contact us.
kstranac
Site Admin
 
Posts: 73
Joined: Wed Sep 21, 2005 3:31 pm
Top
Post a reply

Return to OCS Conference Support and Discussion

Who is online

Users browsing this forum: No registered users and 2 guests

Powered by phpBB® Forum Software © phpBB Group
cron