Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: Mambo Exploit Confirmed in the Wild - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Mambo Exploit Confirmed in the Wild
In reference to yesterday's diary entry about the vulnerability in the Mambo content management system, we received several confirmations that it is being exploited in the wild. An ISC reader supplied us with a captured attack packet, which demonstrated an attempt to upload a copy of a PHP-based backdoor (Loader'z WEB Shell) to the vulnerable system.

The official fix to address the flaw will be released later this month as part of Mambo 4.5.3. In the mean while, you can patch your Mambo system manually by following instructions in the following posting:

http://forum.mamboserver.com/showthread.php?t=65917

Also, the Mambo Development Team reports that the vulnerability doesn't seem to affect PHP 4.4.1 or PHP 5.0.4 or later. (Thanks to Rick Hoppe for the pointer to the fix.)

Lenny Zeltser
ISC Handler on Duty
www.zeltser.com
Lenny

216 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!