http://arstechnica.com/business/news/2012/05/attackers-target-unpatched-php-bug-allowing-malicious-code-execution.ars

By Dan Goodin
ars technica
May 7, 2012

A huge number of websites around the world are endangered by an unpatched vulnerability in the PHP scripting language that attackers are already trying to exploit to remotely take control of underlying servers, security researchers warned.

The code-execution attacks threaten PHP websites only when they run in common gateway interface (CGI) mode, Darian Anthony Patrick, a Web application security consultant with Criticode, told Ars. Sites running PHP in FastCGI mode aren't affected. Nobody knows exactly how many websites are at risk, because sites also must meet several other criteria to be vulnerable, including not having a firewall that blocks certain ports. Nonetheless, sites running CGI-configured PHP on the Apache webserver are by default vulnerable to attacks that make it easy for hackers to run code that plants backdoors or downloads files containing sensitive user data.

Making matters worse, full details of the bug became public last week, giving attackers everything they need to locate and exploit vulnerable websites.

"The huge issue is the remote code execution, and that's really easy to figure out how to do," Patrick said. "If I as an attacker found it existed on a particular site, it would be exciting because I own everything. It's the kind of vulnerability where it's probably not super prevalent, but if it's there, it's not a minor thing."

[...]

Received on Tue May 08 2012 - 02:19:39 PDT