It looks like it is going to be a bleak year for phpBB security-wise. Do not get me wrong, however: I am a big fan of the software, and it is the bulletin board that I will always use.
With no fewer than three major security vulnerabilities in the last three months, and still hundreds of unpatched installations providing a rich meal for the growing number of phpBB worms, I recently discovered that some of my phpBB installations were on the menu.
It was about one hour into 27 February when I took a quick glance at my server's logmon screen on my way to bed, and I could not help being startled by the chr(32)%252Echr(113).... strings I saw in some recent HTTP requests, while the error log was printing messages about writing to /tmp/. Now there was no doubt: I stopped Apache, killed perl and the shell bot running under it, cleared /tmp and started googling.
Introducing CAN-2004-1315 and the Santy/AWS worm variant by some Brazilian hackers, who with it compromised my system and tried to make it just another zombie on their botnet, which the kind people at SANS promptly closed down after my report.
Now fast forward to today: I am all upgraded from phpBB 2.0.5 to 2.0.12, but that does not make me less curious when I see messages about failing to allocate memory, an issue I am aware of occurring when doing phpBB backups, but I am not doing any.
Introducing CAN-2005-0614: as I have not upgraded to phpBB 2.0.13 yet, anyone can now perform administrative tasks on my board.
Well, that by itself is not a security compromise for my machine, BUT, introducing http://www.securityfocus.com/bid/7932: so it seems that anyone having phpBB admin privileges can also run code (CAN-2004-1235) on my machine (and they did).
Evidently I am now all patched and upgraded to 2.0.13, one day short of my time for cleaning the box, and really concerned about the security future of phpBB, as at this time there is still no patch to stop a user with legitimate admin privileges from executing shell code on your system through admin_styles.php.
So until that is fixed, make sure you trust your phpBB admins.
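As an added detection example (not code from this post, from phpBB or from the author), here is a small Python scanner that does programmatically what the author's glance at the logmon screen did: it parses Apache access-log lines and flags requests whose highlight= parameter to viewtopic.php still carries the chr() calls and double-encoded dots (%252E) of the Santy-style payload quoted above (CAN-2004-1315 lived in that parameter). The log lines, the source addresses and the forum path are constructed samples, and the combined log format is an assumption; a real search term never contains that concatenation, so the check is cheap to run over a whole log.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Apache "combined" log format (assumed); only the fields the check needs are named.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)

# Santy-style payloads splice PHP together from chr() calls joined by
# double-encoded dots (%252E), as in the chr(32)%252Echr(113) strings
# quoted in the post. A legitimate search term never looks like this.
CHR_CALL = re.compile(r"chr\(\d+\)", re.IGNORECASE)
DOUBLE_ENCODED_DOT = "%252e"


def parse_line(line):
    """Return the named fields of one access-log line, or None if it does not parse."""
    m = LOG_LINE.match(line)
    return m.groupdict() if m else None


def is_santy_style(target):
    """True if the request target is a viewtopic.php hit whose highlight
    parameter still carries chr() calls or double-encoded dots in raw form."""
    parts = urlsplit(target)
    if not parts.path.endswith("viewtopic.php"):
        return False
    if "highlight" not in parse_qs(parts.query, keep_blank_values=True):
        return False
    raw = parts.query  # inspect the un-decoded query so %252E is still visible
    return DOUBLE_ENCODED_DOT in raw.lower() or CHR_CALL.search(raw) is not None


def scan_log(text):
    """Return (ip, time, target) for every line matching the worm signature."""
    hits = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and is_santy_style(rec["target"]):
            hits.append((rec["ip"], rec["time"], rec["target"]))
    return hits


def hits_per_ip(hits):
    """Count flagged requests per source address."""
    return Counter(ip for ip, _, _ in hits)


# Constructed sample log lines (not from the post's server); the addresses
# are RFC 5737 documentation ranges and the /forum/ path is made up.
SAMPLE_LOG = """\
192.0.2.10 - - [27/Feb/2005:01:02:03 +0000] "GET /forum/viewtopic.php?t=12&highlight=%2527%252Echr(32)%252Echr(113)%252Echr(117)%252E%2527 HTTP/1.1" 200 5123 "-" "Mozilla/4.0"
198.51.100.7 - - [27/Feb/2005:01:02:10 +0000] "GET /forum/viewtopic.php?t=12&highlight=upgrade HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
192.0.2.10 - - [27/Feb/2005:01:02:15 +0000] "GET /forum/viewtopic.php?t=44&highlight=%2527%252Echr(32)%252Echr(113)%252E%2527 HTTP/1.1" 200 4800 "-" "Mozilla/4.0"
203.0.113.5 - - [27/Feb/2005:01:03:00 +0000] "GET /forum/index.php HTTP/1.1" 200 9100 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for ip, when, target in hits:
        print(f"{when} {ip} {target}")
    for ip, n in hits_per_ip(hits).most_common():
        print(f"{ip}: {n} suspicious request(s)")
```

On a real box, feed it the access log and line the flagged source addresses and timestamps up against the error-log entries about /tmp writes: a hit with a 200 status on an unpatched board is a sign the request reached the vulnerable code, and it tells you which boards were probed even after the upgrade has closed the hole.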
March 15, 2005, 6:22 pm
PhpBB worms feeding frenzy
Trackbacks
The trackback URI for this entry is http://alexamancini.com/blog/trackback.php/1/7
Comments
I want to buy a notebook, please give me advice on which one is better.
Apple MacBook Pro (ZOEC002P1) vs Sony VAIO VGN-AR61ZRU
What do you think about this notebook?
Excuse me if I was mistaken about the section.
Cheap and fast installation and setup work:
- Terrestrial television: 19 television channels broadcast from the Ostankino TV tower.
- Satellite television Tricolor TV: 32 Russian-language television channels.
- Satellite television NTV+: more than 100 television channels.
- Satellite television Hotbird: more than 400 European television channels.
Details by phone 8-926-670-86-81 (Konstantin)
Guaranteed LOWEST prices and decent quality!
ATTENTION! The service is provided in Moscow and the Moscow region!
8-926-670-86-81 (Konstantin)
icq 291471738
Good luck everyone!
Do you dream of your ?
Maybe you prefer ?
With over 100 species of domestic and ?
Don't beat me!
to: Admin - If you want to delete your site from my spam list, please send the URL of your domain to my e-mail: stop.spam.today@gmail.com
And I will remove your site from my base within 24 hours
webmastegz
to: Admin - If you want to delete your site from my spam list, please send the URL of your domain to my e-mail: stop.web.spam@gmail.com
And I will remove your site from my base within 24 hours
webmastegz
PS. As the previous e-mail address has been removed and all letters sent to it have been lost, I am compelled to make this dispatch once again.
PS2. Sending the URL of your site to the e-mail stop.web.spam@gmail.com is the only way to avoid spam from me. Writing abuse reports to the various "stop spam" sites is useless.
PS3. I do not need your e-mail addresses; you can create an e-mail through a free service and send me your URL through that e-mail.
PS4. sorry for my bad English :)
to: Admin - If you want to delete your site from my spam list, please visit this site for instructions: stopspam.idoo.com
to: Admin - If you want to delete your site from my spam list, please visit this site for instructions: remove-url.co.cc
on June 3, 2008, 4:02 am