Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: e107 CMS system website compromised SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
e107 CMS system website compromised

The website of e107 CMS system was found to be compromised, directing users to malware site but was fixed within a few hours after the news got posted on Bugtraq mailing list. A notice posted on the website after the clean up points to the delay in patching to the latest released e107 software as the problem, as the latest version released few days ago fixed a security vulnerability.

There were also a zip file containing the e107 package that was backdoored. This file was located on the e107.org instead of Sourceforge which is the normal repository for e107. If you are running e107 (version 0.7.17), you might want to download the latest version from Sourceforge and compare source.

Lessons learned, patch quickly, especially if it is software you wrote and/or the public has access to the source code.

 

 

Jason

93 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!