From: InfoSec News (alerts at infosecnews.org)
Date: Tue May 08 2012 - 04:19:39 CDT
http://arstechnica.com/business/news/2012/05/attackers-target-unpatched-php-bug-allowing-malicious-code-execution.ars
By Dan Goodin
ars technica
May 7, 2012
A huge number of websites around the world are endangered by an
unpatched vulnerability in the PHP scripting language that attackers are
already trying to exploit to remotely take control of underlying
servers, security researchers warned.
The code-execution attacks threaten PHP websites only when they run in
common gateway interface (CGI) mode, Darian Anthony Patrick, a Web
application security consultant with Criticode, told Ars. Sites running
PHP in FastCGI mode aren't affected. Nobody knows exactly how many
websites are at risk, because sites also must meet several other
criteria to be vulnerable, including not having a firewall that blocks
certain ports. Nonetheless, sites running CGI-configured PHP on the
Apache webserver are by default vulnerable to attacks that make it easy
for hackers to run code that plants backdoors or downloads files
containing sensitive user data.
Making matters worse, full details of the bug became public last week,
giving attackers everything they need to locate and exploit vulnerable
websites.
"The huge issue is the remote code execution, and that's really easy to
figure out how to do," Patrick said. "If I as an attacker found it
existed on a particular site, it would be exciting because I own
everything. It's the kind of vulnerability where it's probably not super
prevalent, but if it's there, it's not a minor thing."
[...]
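The article says only that PHP in plain CGI mode is exposed and that the details are public. The mechanism behind it, documented in the public advisory for this bug (CVE-2012-1823) rather than in the article above, is the CGI "search string" rule of RFC 3875 section 4.4, implemented by Apache mod_cgi: a query string that contains no unencoded '=' is split on '+', URL-decoded word by word and handed to the CGI binary as command-line arguments, so php-cgi ends up parsing attacker-chosen switches. The following is an added example, not code from the article, Ars Technica or the PHP project: a small log scanner that applies that same rule to Apache combined-format access log lines and flags requests where php-cgi would have received a switch. The log lines are constructed for the example, and the function names are this example's own.

```python
"""Flag HTTP requests whose query string php-cgi would parse as command-line
switches (the CVE-2012-1823 pattern).  Added example, not from the article.

Assumption (from RFC 3875 s4.4 and the public advisory, not from the article):
a query string with no unencoded '=' is split on '+' and each word is
URL-decoded into argv for the CGI binary.  Only then does php-cgi see switches
such as -s (print source) or -d (set an ini directive).
"""
import re
from urllib.parse import unquote

# Constructed Apache combined-format access log lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [08/May/2012:04:19:39 -0500] "GET /index.php?page=about HTTP/1.1" 200 5123
203.0.113.7 - - [08/May/2012:04:19:41 -0500] "GET /index.php?-s HTTP/1.1" 200 9871
203.0.113.7 - - [08/May/2012:04:19:43 -0500] "POST /index.php?-d+allow_url_include%3d1+-d+auto_prepend_file%3dphp://input HTTP/1.1" 200 44
203.0.113.9 - - [08/May/2012:04:20:01 -0500] "GET /cgi-bin/php?-s HTTP/1.1" 404 210
203.0.113.9 - - [08/May/2012:04:20:02 -0500] "GET /index.php?id=-1 HTTP/1.1" 200 3001
203.0.113.11 - - [08/May/2012:04:20:05 -0500] "GET /index.php?search+terms HTTP/1.1" 200 2210
203.0.113.11 - - [08/May/2012:04:20:06 -0500] "GET /index.php?%2Ds HTTP/1.1" 200 9871
"""

# Request line inside an Apache combined-format log entry.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def cgi_argv(query):
    """Return the argv list the CGI rule would hand to php-cgi for this raw
    query string, or None when the server keeps it as QUERY_STRING only.

    The '=' test is done on the *raw* (still encoded) query string, exactly as
    mod_cgi does, which is why '%3d' does not protect a request from being
    treated as a search string.
    """
    if not query or '=' in query:
        return None
    return [unquote(word) for word in query.split('+') if word]


def is_php_switch_attack(target):
    """True when the request targets PHP and php-cgi would receive a switch.

    Decoding happens per word, so an encoded dash ('%2Ds') is still caught.
    """
    path, _, query = target.partition('?')
    basename = path.rsplit('/', 1)[-1]
    looks_like_php = path.endswith('.php') or basename.startswith('php')
    if not looks_like_php:
        return False
    argv = cgi_argv(query)
    if argv is None:
        return False
    return any(arg.startswith('-') for arg in argv)


def scan(log_text):
    """Return (client_ip, request_target) for every suspicious log line."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        if is_php_switch_attack(m.group('target')):
            hits.append((line.split()[0], m.group('target')))
    return hits


if __name__ == '__main__':
    for ip, target in scan(SAMPLE_LOG):
        print(f'{ip}  {target}')
```

The scanner deliberately does not whitelist "harmless" switches: once php-cgi is parsing argv from the query string at all, the installation is running the vulnerable configuration, so any hit is worth following up with a check of whether the host runs php-cgi through mod_cgi rather than FastCGI or mod_php. The `?search+terms` and `?id=-1` lines show the two legitimate shapes that must not be flagged: a search string with no leading dash, and an ordinary key=value query that happens to contain a dash.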