In reference to yesterday's diary entry about the vulnerability in the Mambo content management system, we received several confirmations that it is being exploited in the wild. An ISC reader supplied us with a captured attack packet, which demonstrated an attempt to upload a copy of a PHP-based backdoor (Loader'z WEB Shell) to the vulnerable system.
The official fix for the flaw will be released later this month as part of Mambo 4.5.3. In the meantime, you can patch your Mambo system manually by following the instructions in the following posting:
Also, the Mambo Development Team reports that the vulnerability doesn't seem to affect PHP 4.4.1 or PHP 5.0.4 or later. (Thanks to Rick Hoppe for the pointer to the fix.)
ISC Handler on Duty
Nov 20th 2005