Re: Found security expliot in port phpBB 2.0.8 FreeBSD4.10

From: Jerry Bell (jerry_at_syslog.org)
Date: 12/28/04

  • Next message: Peter C. Lai: "Re: Found security expliot in port phpBB 2.0.8 FreeBSD4.10" 
    Date: Mon, 27 Dec 2004 20:28:15 -0500 (EST)
To: estover@nativenerds.com

    The update for phpbb came out a while ago, and it looks like the ports
    were updated on 11/25/2004. Have you tried updating the ports? I think
    this is already addressed.

    On a side note, I'm suprised you didn't get hit by the worm (unless it
    happened before the worm came out). There is a new worm out now that
    attacks some weak php programming, though it's not very widespread. See
    http://www.syslog.org/Article10.phtml for a little more detail.

    I don't know if it's a worm or not, but I'm seeing people trying to attack
    my site pretty frequently lately.

    Best regards & happy holidays,

    Jerry
    http://www.syslog.org

    > I think, there is a neat exploit in the phpbb2.0.8 because I found my home
    > page defaced one dark morning. The patch for phpBB is here.
    > http://www.phpbb.com/downloads.php
    >
    > The excerpt of the log is attached.
    >
    > I believe the link to the described exploit is here.
    > http://secunia.com/advisories/13239
    >
    > The defacement braggen page is here filter to show the exploited FreeBSD
    > machines that aneurysm.inc has defaced
    > http://www.zone-h.org/en/defacements/filter/filter_defacer=aneurysm.inc/filter_system=FreeBSD/page=1/
    > _______________________________________________
    > freebsd-security@freebsd.org mailing list
    > http://lists.freebsd.org/mailman/listinfo/freebsd-security
    > To unsubscribe, send any mail to
    > "freebsd-security-unsubscribe@freebsd.org"
    >

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

  • Next message: Peter C. Lai: "Re: Found security expliot in port phpBB 2.0.8 FreeBSD4.10"

    Relevant Pages

    • Re: UDP Ports, closing Win2K Server (No IIS)
      ... What's listening on UDP 995? ... The worm spreads via email but some antivirus vendors report ... against using IPSec as a firewall, and blocking just one or two ports here ...
      (microsoft.public.inetserver.iis.security)
    • Re: Question: excessive pinging by the same IP
      ... If it is the same range of ports on a somewhat "regularly scheduled ... interval" than it is usually a worm or an automated script. ... find the peace and quiet it will afford you from such alerts quite ...
      (comp.security.firewalls)
    • Re: ICF and File Sharing
      ... Those ports are the critical ones and should not be opened without any valid reason. ... Windows XP Shell ... What You Should Know About the Sasser Worm and It Variants: ...
      (microsoft.public.windowsxp.general)
    • RE: New script-kiddie looking scan
      ... but what i can see from your logfile it looks like its just a vulnerability scanner. ... But i dont think its a worm becuase worms often use use a specific vulnerability ... in succession from increasing source ports). ...
      (Incidents)
    • Re: Comcast blocks Exchange - any way around this?
      ... I ran into problems sending e-mail, ... It was MSBlast & their FAQ said it was temporary. ... worm, Comcast has temporarily shut down access to ports 135 and 445. ...
      (microsoft.public.windows.server.sbs)