KaneKahn
12-22-2004, 03:06 AM
Please read these articles about this new Worm for PHP Sites...
Worm uses Google to find vulnerable sites
A worm which exploits serious vulnerabilities (http://smh.com.au/articles/2004/12/17/1102787258613.html) in the open source server-side scripting language PHP is using Google to locate bulletin boards which are using the phpBB bulletin board software.
Anti-virus software company Sophos said the Santy worm was written in Perl and could attack vulnerable sites on both Windows-based and Unix-based platforms.
"Once the worm has spread to three or more servers it will attempt to overwrite all HTM*, PHP*, ASP*, SHTM*, JSP* and PHTM* files with a web page containing the following message: 'This site is defaced!!! NeverEverNoSanity WebWorm generation'," Sophos said.
Finnish anti-virus software maker F-Secure said Santy used Google search to randomly find other hosts; part of the search strong contained "viewtopic.php".
Exploit code showing how the flaws could be used to steal database passwords from sites using phpBB was released (http://smh.com.au/articles/2004/12/21/1103391741227.html) on public mailing lists a few days ago.
The phpBB team has already released fixes (http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=248046) for the vulnerabilities and advised users to upgrade.
Multiple flaws found in PHP, Ethereal
Multiple critical vulnerabilities have been reported in the open source scripting language PHP, according to an advisory issued by security advisory service Secunia.
Researcher Stefan Esser, who runs the hardened PHP project, which adds security hardening features to PHP, discovered some of the vulnerabilities which could allow local and remote execution of arbitrary code.
Others were found by researcher Martin Eiszner and by the PHP project.
The PHP team issued a new releases (http://www.php.net/downloads.php), 4.3.10, which fixes all the bugs and also a number of non-critical issues.
Serious issues have also been discovered in Ethereal, an open source network protocol analyser for Unix and Windows.
The vulnerabilities, reported by researchers Matthew Bing and Brian Caswell and the vendor, could be exploited to cause a denial of service, potentially compromise a vulnerable system or execute arbitrary code,
An update (http://www.ethereal.com/news/item_20041215_01.html) has been released to fix these problems.
Exploit code targets PHP flaws
Exploit code that takes advantage of serious vulnerabilities (http://smh.com.au/articles/2004/12/17/1102787258613.html) in the open source server-side scripting language PHP has been published on public mailing lists.
The exploit shows how one can steal database passwords from sites using the popular phpBB bulletin board software.
The phpBB team has notified users of the exploit, advising them to upgrade to versions of PHP in which the vulnerabilities have been fixed.
"Remember, this is not a phpBB exploit or problem, it's a PHP issue and thus can affect any PHP script which uses the noted functions," the advisory said.
The network security provider Netcraft said similar flaws could affect other popular web applications such as Invision Power Board, vBulletin and PHPAds.
psoTFX,Sat Dec 18, 2004 6:57 AM
Recently a serious exploitable issue was discovered in PHP (the scripting language in which phpBB, IPB, vB, etc. are written) versions prior to 4.3.10. The problematical functions include unserialize and realpath. phpBB (along with a great many other scripts including IPB, vB, etc.) use these two functions as a matter of course.
It has come to our attention that code has now been released which uses this exploit in PHP to obtain confidential information in phpBB. Such information includes data contained in phpBB's config.php file. We therefore recommend the following:
1) If you maintain your own server be sure to upgrade to the newest available release of PHP (both versions 4 and 5). Be aware that at this time phpBB 2.0.x has problems functioning under PHP5 without modification.
2) If you pay for hosting ensure you hosting provider has upgraded thier installation of PHP (again remember that phpBB 2.0.x and other scripts will not function under PHP5 without modification).
Please do not submit this PHP issue to our security tracker, it is beyond our control. Fixed versions of PHP do exist and as above we encourage you to ensure your system is running such a version. Equally please examine any "hacking" issues you have carefully to ensure they are not caused by this PHP problem (rather than phpBB). Remember, this is not a phpBB exploit or problem, it's a PHP issue and thus can affect any PHP script which uses the noted functions.
_________________
<font size=-1>[ This Message was edited by: KaneKahn on 2004-12-22 01:08 ]</font>
<font size=-1>[ This Message was edited by: KaneKahn on 2004-12-22 01:09 ]</font>
Worm uses Google to find vulnerable sites
A worm which exploits serious vulnerabilities (http://smh.com.au/articles/2004/12/17/1102787258613.html) in the open source server-side scripting language PHP is using Google to locate bulletin boards which are using the phpBB bulletin board software.
Anti-virus software company Sophos said the Santy worm was written in Perl and could attack vulnerable sites on both Windows-based and Unix-based platforms.
"Once the worm has spread to three or more servers it will attempt to overwrite all HTM*, PHP*, ASP*, SHTM*, JSP* and PHTM* files with a web page containing the following message: 'This site is defaced!!! NeverEverNoSanity WebWorm generation'," Sophos said.
Finnish anti-virus software maker F-Secure said Santy used Google search to randomly find other hosts; part of the search strong contained "viewtopic.php".
Exploit code showing how the flaws could be used to steal database passwords from sites using phpBB was released (http://smh.com.au/articles/2004/12/21/1103391741227.html) on public mailing lists a few days ago.
The phpBB team has already released fixes (http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=248046) for the vulnerabilities and advised users to upgrade.
Multiple flaws found in PHP, Ethereal
Multiple critical vulnerabilities have been reported in the open source scripting language PHP, according to an advisory issued by security advisory service Secunia.
Researcher Stefan Esser, who runs the hardened PHP project, which adds security hardening features to PHP, discovered some of the vulnerabilities which could allow local and remote execution of arbitrary code.
Others were found by researcher Martin Eiszner and by the PHP project.
The PHP team issued a new releases (http://www.php.net/downloads.php), 4.3.10, which fixes all the bugs and also a number of non-critical issues.
Serious issues have also been discovered in Ethereal, an open source network protocol analyser for Unix and Windows.
The vulnerabilities, reported by researchers Matthew Bing and Brian Caswell and the vendor, could be exploited to cause a denial of service, potentially compromise a vulnerable system or execute arbitrary code,
An update (http://www.ethereal.com/news/item_20041215_01.html) has been released to fix these problems.
Exploit code targets PHP flaws
Exploit code that takes advantage of serious vulnerabilities (http://smh.com.au/articles/2004/12/17/1102787258613.html) in the open source server-side scripting language PHP has been published on public mailing lists.
The exploit shows how one can steal database passwords from sites using the popular phpBB bulletin board software.
The phpBB team has notified users of the exploit, advising them to upgrade to versions of PHP in which the vulnerabilities have been fixed.
"Remember, this is not a phpBB exploit or problem, it's a PHP issue and thus can affect any PHP script which uses the noted functions," the advisory said.
The network security provider Netcraft said similar flaws could affect other popular web applications such as Invision Power Board, vBulletin and PHPAds.
psoTFX,Sat Dec 18, 2004 6:57 AM
Recently a serious exploitable issue was discovered in PHP (the scripting language in which phpBB, IPB, vB, etc. are written) versions prior to 4.3.10. The problematical functions include unserialize and realpath. phpBB (along with a great many other scripts including IPB, vB, etc.) use these two functions as a matter of course.
It has come to our attention that code has now been released which uses this exploit in PHP to obtain confidential information in phpBB. Such information includes data contained in phpBB's config.php file. We therefore recommend the following:
1) If you maintain your own server be sure to upgrade to the newest available release of PHP (both versions 4 and 5). Be aware that at this time phpBB 2.0.x has problems functioning under PHP5 without modification.
2) If you pay for hosting ensure you hosting provider has upgraded thier installation of PHP (again remember that phpBB 2.0.x and other scripts will not function under PHP5 without modification).
Please do not submit this PHP issue to our security tracker, it is beyond our control. Fixed versions of PHP do exist and as above we encourage you to ensure your system is running such a version. Equally please examine any "hacking" issues you have carefully to ensure they are not caused by this PHP problem (rather than phpBB). Remember, this is not a phpBB exploit or problem, it's a PHP issue and thus can affect any PHP script which uses the noted functions.
_________________
<font size=-1>[ This Message was edited by: KaneKahn on 2004-12-22 01:08 ]</font>
<font size=-1>[ This Message was edited by: KaneKahn on 2004-12-22 01:09 ]</font>