
Re: PHP Worm



On Tue, Dec 21, 2004 at 09:29:01PM +0100, Florian Weimer wrote:
> * Dane Johansson:
> 
> > I hope I am sending this to the right list :)
> >
> > Today I read about a new Networm, see more here:
> > http://www.europe.f-secure.com/v-descs/santy_a.shtml
> >
> > I then proceeded to check what phpbb.com has to say
> > about this and I found this:
> > http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=248046
> 
> AFAIK, the worm uses the viewtopic.php vulnerability which was
> disclosed in November:
> 
>   <http://www.securiteam.com/unixfocus/6J00O15BPS.html>

This particular vulnerability in phpbb itself, as explained at that
securiteam.com URL, has been fixed in Debian as of version 2.0.10-3 of
the phpbb2 packages.

It is something DIFFERENT from the issue quoted by Dane Johansson from the
phpbb.com site.

However, it is not yet clear to me whether there are worms/exploits that
are exploiting the PHP vulnerabilities as discussed in that phpbb.com
announcement (which is the same set of vulnerabilities as in #285845,
which are fixed in sid at the moment of writing, but not yet in sarge or
woody).

It has however been confirmed to me that woody's version of php4 is
vulnerable, and also that fixing those holes is nontrivial due to
sub-optimal security support from upstream PHP.

--Jeroen

-- 
Jeroen van Wolffelaar
Jeroen@wolffelaar.nl (also for Jabber & MSN; ICQ: 33944357)
http://Jeroen.A-Eskwadraat.nl