Date: 23 November 2005
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AA-2005.0028 AUSCERT Advisory
Mambo 4.5.2.3 and prior
Remote file inclusion vulnerability allows execution of arbitrary code
23 November 2005
- ---------------------------------------------------------------------------
AusCERT Advisory Summary
------------------------
Product: Mambo 4.5.2.3 and prior
Operating System: UNIX variants
Windows
Impact: Execute Arbitrary Code/Commands
Access: Remote/Unauthenticated
OVERVIEW:
Mambo versions 4.5.2.3 and prior contain a serious vulnerability
allowing remote execution of arbitrary PHP code.[1][2]
The vulnerability is in globals.php which allows arbitrary remote PHP
files to be included and executed by overwriting the global
mosConfig_absolute_path parameter.
AusCERT advises that an exploit for this vulnerability is publicly
available and widespread exploitation of vulnerable web servers has
been reported.[3]
IMPACT:
A remote attacker can execute arbitrary code on the web server with the
privileges of the httpd.
MITIGATION:
Patched files fixing this vulnerability are available from Mamboforge
at the URL:
http://mamboforge.net/frs/download.php/7636/Mambo4523.security_fix.zip
These files need to be installed manually into the Mambo root and
administrator directories.
REFERENCES:
[1] Mambo announcement
http://news.mamboserver.com/index.php?option=com_content&task=view&id=2144&Itemid=2
[2] Full disclosure mailing list post
http://marc.theaimsgroup.com/?l=full-disclosure&m=113215591823624&w=2
[3] SANS Handler Diary
http://isc.sans.org/diary.php?date=2005-11-20
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBQ4QEIih9+71yA2DNAQL93AP9Ehpyy0PeVFk34TmlJtvlTsQW2OQrnDFS
RlTQBkFp003AvgDnVDCgW8mu+8LeNBOc99LKOaTIfMVcAvo1gziUVGI5o1mUHvaJ
e++LK3ZbqnaTisfA0CaP7B98OM2BuxK+OUE3bxlBsrY356NETEXqlOBYP63t9blz
GBddxnZ7g80=
=L8dl
-----END PGP SIGNATURE-----
|