
SANS ISC: php icalendar vulnerability - SANS Internet Storm Center


php icalendar vulnerability
---------------------------
Update2:

George from TenableSecurity wrote two Nessus plugins that check for the vulnerabilities:

http://www.nessus.org/plugins/index.php?view=single&id=21083
http://www.nessus.org/plugins/index.php?view=single&id=21091

Both are currently available to those with direct plugin feeds and will become available in 3 days to those with registered feeds.

---------------------------
Update:
According to the exploit for one of the vulnerabilities, it only works if phpicalendar_publishing is set to 1 in config.inc.php, so for now, if you have this parameter set to 0, you may be safe. The exploit's own output says as much:
echo "this works if \"phpicalendar_publishing\" is set to 1 in config.inc.php\r\n\r\n";

I didn't verify this yet, so you can expect another update on this...
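As an added example (not code from the diary or from the PHP iCalendar project), a small Python check that reads a config.inc.php and reports whether phpicalendar_publishing is set to the exposed value 1; the PHP assignment syntax it matches ($phpicalendar_publishing = 1;) is an assumption, since the diary only names the setting and the file.

```python
import re

# Assumed format: a plain PHP assignment such as  $phpicalendar_publishing = 1;
# Optional quotes around the value and a leading // or # comment marker are
# handled; /* ... */ block comments are not.
_ASSIGN = re.compile(
    r"""^\s*(?P<comment>(//|#)\s*)?\$phpicalendar_publishing\s*=\s*['"]?(?P<value>\d+)['"]?\s*;""",
    re.MULTILINE,
)

def publishing_setting(config_text):
    """Return the effective integer value of phpicalendar_publishing, or None
    if the setting is absent or only present in commented-out lines."""
    value = None
    for m in _ASSIGN.finditer(config_text):
        if m.group("comment"):
            continue  # a commented-out assignment has no effect
        value = int(m.group("value"))  # a later assignment overrides an earlier one
    return value

def assess(config_text):
    """Classify a config.inc.php against the mitigation described in the diary."""
    v = publishing_setting(config_text)
    if v is None:
        return "UNKNOWN: phpicalendar_publishing not set in this file; inspect the default"
    if v == 1:
        return "EXPOSED: publishing enabled; set phpicalendar_publishing to 0 or remove the app"
    return "MITIGATED: publishing disabled; the exploit reportedly needs the value 1"

# Constructed sample configs (not real installations) for a quick run.
SAMPLE_EXPOSED = "<?php\n$phpicalendar_publishing = 1;\n$template = 'default';\n"
SAMPLE_SAFE = "<?php\n// $phpicalendar_publishing = 1;\n$phpicalendar_publishing = '0';\n"
SAMPLE_UNSET = "<?php\n# $phpicalendar_publishing = 1;\n$template = 'default';\n"

if __name__ == "__main__":
    for name, text in [("exposed", SAMPLE_EXPOSED), ("safe", SAMPLE_SAFE), ("unset", SAMPLE_UNSET)]:
        print(name, "->", assess(text))
```

Run it against a real file with assess(open("config.inc.php").read()); an UNKNOWN result means the setting is not written in the file and the application's default applies.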
---------------------------
Yes, another vulnerability in another PHP application that could lead to yet another PHP worm...
This time the affected application is PHP iCalendar, according to a security advisory at FrSIRT, and even worse, two exploits are already available for it, with no vendor patch yet...
My personal recommendation, whether you use PHP iCalendar or any other web application, is to keep it current; in this particular case, if possible, remove it until a patch or new version is available...

-------------------------------------------------------------------
Handler on Duty: Pedro Bueno ( pbueno //&&//  isc. sans. org )
Pedro
