CcMail 1.0.2 released with critical security FIX
Posted by in Hardware & Software, Sticky. Tags: ccmail, web.
This minor release fixes a known problem, reported here, that allowed a remote attacker to easily gain access to the admin area. Steps to reproduce the bug are given on that page. Updating is HIGHLY RECOMMENDED.
I also added some other language packs and updated some broken links.
Update CcMail
Updating CcMail is easy and recommended:
- download the new version
- unpack it
- overwrite the contents of your ccmail/ installation folder with those of the new version, but…
- DO NOT OVERWRITE the data/ folder or the config.php file, where your data are stored.
- run admin.php
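The update steps above can be scripted so that data/ and config.php are provably untouched and no old file survives the overwrite. This is an added example, not part of the CcMail package; the function names and the backup naming are assumptions.

```sh
#!/bin/sh
# Added example, not part of the CcMail package. Function names are hypothetical.

# Checksum over config.php and data/ (names, sizes, contents). This catches an
# accidental overwrite; cksum is a CRC, not a defence against tampering.
preserved_digest() {
    ( cd "$1" && find config.php data -type f 2>/dev/null | LC_ALL=C sort |
        while IFS= read -r f; do cksum "$f"; done | cksum | cut -d' ' -f1 )
}

# upgrade_ccmail NEW_DIR INSTALL_DIR
#   NEW_DIR      unpacked 1.0.2 release (must contain admin.php)
#   INSTALL_DIR  existing ccmail/ folder
# Returns 0 on success, 1 if config.php or data/ changed, 2-4 on other errors.
upgrade_ccmail() {
    new=$1; inst=$2
    [ -f "$new/admin.php" ] && [ -d "$inst" ] || { echo "bad paths" >&2; return 2; }

    # Full copy first, so a failed upgrade can be rolled back.
    backup="${inst%/}.bak.$$"
    cp -Rp "$inst" "$backup" || return 3
    before=$(preserved_digest "$inst")

    # Copy every release file except data/* and the top-level config.php, then
    # confirm the installed copy matches the release, so no old file
    # (protect.php, for example) is left behind.
    ( cd "$new" && find . -type f ! -path './data/*' ! -path './config.php' ) |
    while IFS= read -r f; do
        mkdir -p "$inst/$(dirname "$f")" &&
            cp -p "$new/$f" "$inst/$f" &&
            cmp -s "$new/$f" "$inst/$f" || exit 4
    done || return 4

    if [ "$before" != "$(preserved_digest "$inst")" ]; then
        echo "config.php or data/ changed; restore from $backup" >&2
        return 1
    fi
    echo "upgrade complete; backup kept at $backup"
}

# Run as a script: sh upgrade.sh /path/to/unpacked-release /path/to/ccmail
if [ "$#" -eq 2 ]; then upgrade_ccmail "$1" "$2"; fi
```

The backup is created next to the install folder and holds a copy of config.php and data/, so move it outside the web root once admin.php loads correctly.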
Download version 1.0.2
You can download the new version here: CcMail 1.0.2 (318.8 KiB, 25,521 hits)
May 25th, 2008 at 22:16
Uploaded new version. Login, then directed to encrypted page called protect.php. Can’t get to admin.php anymore …
May 27th, 2008 at 02:12
Hi,
I am trying to update my ccmail, but am getting errors that look like this when I try to log in as administrator or in my usual way:
Admin$1$cocqFgR6$s9nAJiFvVDkzQbAbxeQSY/$1$m6kEvydC$hke6EPlanhcYu/Srsdp6M1
Warning: Cannot modify header information - headers already sent by (output started at /var/www/html/ccmail/protect.php:118) in /var/www/html/ccmail/protect.php on line 120
Warning: Cannot modify header information - headers already sent by (output started at /var/www/html/ccmail/protect.php:118) in /var/www/html/ccmail/protect.php on line 121
Warning: Cannot modify header information - headers already sent by (output started at /var/www/html/ccmail/protect.php:118) in /var/www/html/ccmail/protect.php on line 122
What have I done wrong? (I didn’t replace the data folder or the config.php file, and followed the instructions very precisely)
May 29th, 2008 at 16:48
Hi,
Have you informed your users about the vulnerability and about the update? Please do it if you have not done so already. Thanks!
I am afraid I did not receive a notification and was lucky enough to learn about the problem just by chance.
best regards
Andreas
May 30th, 2008 at 08:48
I only informed people subscribed to my mailing list. I was informed about the bug only one month after it was discovered.
May 30th, 2008 at 21:20
Hi,
I downloaded the latest and set it back up on the webserver. I still get the same problem, goes to protect.php and outputs this string:
admin_user$1$ZbQqaUH3$ftmKa.PlfjoG.mOvE8V/l.$1$MCXKJltp$ShEGC/EWhnwar3TVaQOw3.
June 2nd, 2008 at 08:34
I can’t use schedule. Can you give me more information on how to use schedule?
best regards
Tik
June 2nd, 2008 at 08:36
Again:
does your website have a forum?
Where? I can’t find it.
June 3rd, 2008 at 08:43
@Richard Long: please make sure to download the package again and replace your protect.php file with the newer one.
@Tik: the embedded handbook should provide the info. There was a forum but it was disabled due to spam.
June 11th, 2008 at 09:05
Hello,
I scheduled 6000 emails and I am waiting for them to be sent,
but the script didn’t send automatically.
Here is the picture.
The script stays here and I don’t know what I should do?
http://tinypic.info/files/tgacvmlhv090skf8vlnp.jpg
June 19th, 2008 at 08:12
Hi, I’m trying ccmail for the site of my association but probably I misunderstood the meaning and the functionality of this software, because I am looking for something that allows me to create a mailing list, so that every user could write an email to a common address and everybody who is inside the list will receive that mail. Is it possible with the current version of ccmail?
For the rest (i.e. sending newsletter) I found it very nice. Thank you!
marco
June 19th, 2008 at 09:18
@hadi: from the ccmail manual: “Scheduling is executed automatically when you open schedule.php (ccmail/ folder).”
@Marco: you can get this functionality by giving everyone admin rights, that is, creating a lot of admins… but you have to edit the config.php file by hand for every user. A simpler solution would be everyone sharing a common account…
July 2nd, 2008 at 17:40
Hi, one bug - I can’t send letters in Russian or Ukrainian languages - I’ll try to do something with encoding now, and post results later
July 10th, 2008 at 08:19
Hi cico.
It is a great tool for sending mail. May I know the maximum number of mails that can be sent in a mass mail through ccmail? I am also waiting for your MySQL-supporting version.
Thank you
July 16th, 2008 at 17:55
What is the limit for email addresses? I have a list of 160000 that I want to import to ccmail. Will the Mailing List Manager CCMail support that?
thanks
July 16th, 2008 at 17:58
Just one more question: When I delete a user, is he removed forever from the server?
thanks a lot
July 16th, 2008 at 20:24
Hi joe, I’m sorry but ccmail is unable to manage such a number of people. This is mainly due to the text database - which is at the same time its strength. Consider a maximum of 10000 users, even though it depends on the server.
As for the second question, yes, deleted users can be restored.
July 17th, 2008 at 21:31
How do I send an HTML email? I’ve tried to put an html script in the html field but it doesn’t work.
July 21st, 2008 at 18:28
Ok, I got it about html. But now I tried to hide a Group and this message comes up - Notice: A non well formed numeric value encountered in /home/a8208115/public_html/ccmail/functions/groups.php on line 60
Can you help me?
Thanks
August 16th, 2008 at 11:23
Hi Cico,
Thanks for the script. Just what I was looking for.
just one question: is it possible to make an html template that you can (re-)use for the mail, like a newsletter?