Those of you that run web servers have probably noticed in your logs that there is a lot of scanning activity looking for vulnerabilities in PHP or web applications that are written in PHP. Even after all these months there are still scans for the old awstats vulnerability and the XML-RPC vulnerabilities in PHP itself from a few months back. Well, there are a couple of new ones in the last week or so that I thought deserved a mention.
Several days ago Secunia issued a bulletin discussing a new vulnerability in phpBB-2.0.18 (which is the latest one and which, unfortunately, has been a pretty popular target over the last year or so). Fortunately, the vulnerability can only be exploited if a couple of settings are changed from the default to values that will open your web server to a lot more problems than just this one. Having said that, the exploit is now in the wild, so if you are running phpBB, make sure that you follow the recommendations and that "Allow HTML" and register_globals are both disabled. One of our intrepid readers also noticed that an exploit has been posted in several places that will do brute force dictionary attacks to get the passwords of phpBB users.
Also, a couple of days ago a worm started making the rounds exploiting a vulnerability in the genealogy application PhpGedView. The authors have posted patches here which users are encouraged to apply as soon as possible.
Jim Clausing, jac /at/ isc.sans.org
I will be teaching next: Malware Reverse-Engineering Challenge - Community SANS Seattle FOR610
Dec 22nd 2005
1 decade ago