ewiget
Mambo 4.5.x bug/worm allows remote compromise - 2005/12/06 10:21

The following information was posted to Bugtraq Security mailing list on 12-05-2005 and was verified at the mamboserver.com web site by our technical support staff. We have spent the last 12 hours researching, testing, and finally applying the patches to all client hosted Mambo web sites. None of our servers were affected by this bug or worm and none of our hosted web sites were compromised due to our continued diligence in monitoring security related mailing lists.

Thanks,
Ed Wiget
---------------------------------------------------------------------------------------------------------
Original Email Follows

[BACKGROUND]
Mambo is a dynamic portal engine and content management system.
The software is written in PHP. A computer researcher who goes
under the alias rgod released an exploit for the "register_globals"
Emulation Layer Overwrite vulnerability, and just a few days after
the vulnerability was released, increased attacks for this vulnerability
were monitored. The increased traffic is due to a worm which is
currently in the wild.



[DESCRIPTION]
Linux/Elxbot is a backdoor for the Mambo vulnerability. It will search
on Google for vulnerable targets. Once it infects a computer it will
connect to a predetermined IRC server where the attackers will wait and
have the possibility to gain access to the infected computer. The attackers
may also perform various tasks such as:

* Execute arbitrary commands
* TCP flood
* HTTP flood
* UDP flood
* Search Google for more vulnerable targets
* Portscan

On certain systems it will also download a Perl script which will
allow the attacker to create a backchannel and spawn a shell on
the infected computer with the same privileges as the running webserver.


A detailed profile is available for Outpost24 members. For more information,
please visit our webpage at http://www.outpost24.com



[SOLUTION]
Download the latest version from the official Mambo homepage or
download the specific patch for this vulnerability.

http://mamboforge.net/frs/download.php/7636/Mambo4523.security_fix.zip




[AUTHOR]
Backdoor was analyzed by David Jacoby at Outpost24 Security
http://www.outpost24.com
Ed Wiget
Technical Support
http://www.xtremewebhosts.com
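
A host-side check for the behaviour the advisory describes (a process running with the web server's privileges that opens its own outbound connection, such as the IRC link or the Perl backchannel), as an added example that is not part of the original post or the Outpost24 advisory. The account names, serving ports and the sample `lsof` output are assumptions constructed for illustration.

```python
import re

# Assumptions, not taken from the advisory: adjust to the host being checked.
WEB_USERS = {"apache", "www-data", "nobody"}   # accounts the web server runs as
WEB_COMMANDS = {"httpd", "apache2"}            # the web server's own binaries
SERVING_PORTS = {80, 443}                      # local ports the site listens on

# Constructed sample of `lsof -nP -iTCP -sTCP:ESTABLISHED` output
# (documentation-range addresses, invented PIDs and ports).
SAMPLE_LSOF = """\
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
httpd   2301 apache  4u  IPv4  18231      0t0  TCP 192.0.2.10:80->198.51.100.7:51234 (ESTABLISHED)
sshd    1200 root    3u  IPv4  17000      0t0  TCP 192.0.2.10:22->198.51.100.9:50022 (ESTABLISHED)
perl    4410 apache  3u  IPv4  19002      0t0  TCP 192.0.2.10:40112->203.0.113.5:6667 (ESTABLISHED)
httpd   2305 apache  9u  IPv4  19110      0t0  TCP 192.0.2.10:40200->203.0.113.80:80 (ESTABLISHED)
mysqld  1500 mysql  12u  IPv4  17500      0t0  TCP 127.0.0.1:3306->127.0.0.1:41000 (ESTABLISHED)
"""

NAME_RE = re.compile(r"^([\d.]+):(\d+)->([\d.]+):(\d+)$")  # IPv4 only


def find_suspect_sockets(lsof_text):
    """Return connections that a web-server account opened outbound."""
    findings = []
    for line in lsof_text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 10:
            continue
        command, pid, user, name = fields[0], int(fields[1]), fields[2], fields[8]
        match = NAME_RE.match(name)
        if user not in WEB_USERS or match is None:
            continue
        local_port, remote_ip, remote_port = int(match[2]), match[3], match[4]
        if local_port in SERVING_PORTS:
            continue                                  # a visitor connected to the site
        if remote_ip.startswith("127."):
            continue                                  # loopback, e.g. a local database
        # A non-server binary (perl, sh) under the web account is the stronger signal.
        severity = "review" if command in WEB_COMMANDS else "high"
        findings.append({"command": command, "pid": pid, "user": user,
                         "remote": f"{remote_ip}:{remote_port}", "severity": severity})
    return findings


if __name__ == "__main__":
    for finding in find_suspect_sockets(SAMPLE_LSOF):
        print(finding)
```

The "review" findings need a human decision, since PHP applications can make legitimate outbound HTTP requests from the web server process.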