SANS ISC: Mambo Exploit Confirmed in the Wild SANS ISC InfoSec Forums

Mambo Exploit Confirmed in the Wild
In reference to yesterday's diary entry about the vulnerability in the Mambo content management system, we received several confirmations that it is being exploited in the wild. An ISC reader supplied us with a captured attack packet, which demonstrated an attempt to upload a copy of a PHP-based backdoor (Loader'z WEB Shell) to the vulnerable system.

The official fix for the flaw will be released later this month as part of Mambo 4.5.3. In the meantime, you can patch your Mambo system manually by following the instructions in the following posting:

Also, the Mambo Development Team reports that the vulnerability doesn't seem to affect PHP 4.4.1 or PHP 5.0.4 or later. (Thanks to Rick Hoppe for the pointer to the fix.)

Lenny Zeltser
ISC Handler on Duty

Nov 20th 2005
