Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2006-03-21 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

php icalendar vulnerability

Published: 2006-03-21
Last Updated: 2006-03-21 23:53:28 UTC
by Pedro Bueno (Version: 1)
0 comment(s)
---------------------------
Update2:

George from TenableSecurity wrote two nessus plugins that checks for the vulnerabilities:

http://www.nessus.org/plugins/index.php?view=single&id=21083
http://www.nessus.org/plugins/index.php?view=single&id=21091

Both are available currently for those with direct plugin feeds and will become available in 3 days for those with registered feeds.

---------------------------
Update:
According to the exploit for one of the vulnerabilities, it will only work if  phpicalendar_publishing is set to 1 in config.inc.php, so, for now if you have this parameter set to 0, you may be safe.
echo "this works if \"phpicalendar_publishing\" is set to 1 in config.inc.php\r\n\r\n";

I didnt verify this yet, so you can expect another update on this...
---------------------------
Yes, another vulnerability on another php application that can lead to another php worm style...
This time the affected application is the php icalendar, according to a security advisory at Frsirt , and even worst, there are already two exploits available for it, and, no vendor patch yet...
My personal recommendation, if you use Php icalendar or any other app is to keep it current, and in this particular case, if possible, remove it until a patch/new version is available...

-------------------------------------------------------------------
Handler on Duty: Pedro Bueno ( pbueno //&&//  isc. sans. org )
Keywords:
0 comment(s)

Malware Analysis Quiz 6 results

Published: 2006-03-21
Last Updated: 2006-03-21 16:04:59 UTC
by Pedro Bueno (Version: 1)
0 comment(s)
For those following my Malware Analysis Quizes, I just posted the results of the part 6! Even if you didnt send your answers, I recommend to read some of the results there! There are quite good ones!
I will probably post a new one in the begin of april! Thanks for all of those that put some efforts on the analysis!
-----------------------------------------------------------------
Handler on Duty: Pedro Bueno ( pbueno //&&// isc. sans. org)
Keywords:
0 comment(s)
Diary Archives