A recent vulnerability in TWiki software allows remote attackers to execute arbitrary commands on the affected system with the privileges of the Web server process. We received reports that attackers ares beginning to exploit this vulnerability, which increases the severity of this flaw.
To learn more about this problem, and to download a patch, go to: http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithRev TWiki is a popular web-based collaboration tool. If you have it installed, we urge you to patch it as soon as possible. We are expecting to see a worm that exploits the recent vulnerability pretty soon. Chas Tomlin provided us with the following Snort signature, which he put together with help from others: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB twiki rev access"; flow:to_server,established; uricontent:"/bin/view/Main/TWikiUsers?"; nocase; pcre:"/rev=\d+%20/i"; classtype:web-application-activity; reference:url,secunia.com/advisories/16820/; sid:2002366; rev:2;) This rule is also available from the Bleeding Snort website. |
Lenny 216 Posts Sep 16th 2005 |
Thread locked Subscribe |
Sep 16th 2005 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!