  1. MetaBrainz Hosting
  2. MBH-229

Scooby's PHP-CGI (forums.mb) is compromised (forum is down)


    Details

      Description

      http://bayimg.com/bAOBcAaDJ

      This is a known bug in PHP-CGI that allows for remote code execution; scooby and wiley are both susceptible. I have access to wiley and have implemented a config redirect-based workaround for wiki.mb, but forums is where this was found (see the image linked above) and it appears to be compromised. The script code listed therein seems to only appear on Firefox on Windows.

      I'm not sure what's been gotten into; from what I can figure out from syswiki this shouldn't have escalated beyond access to PunBB, but that could be plenty bad.

      http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/ is the original advisory

      http://www.php.net/archive/2012.php#id2012-05-03-1 lists the mod_rewrite-based workaround that I implemented on wiley.
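
      For triaging which requests may have reached the vulnerable handler, the following added example (not part of the original ticket or of the MetaBrainz configuration) scans Apache combined-format access-log lines for query strings that contain no `=` and begin with `-` or `%2d`. That matching condition, the function names and the log lines are assumptions constructed for illustration; the flag values in the sample are placeholders.

```python
import re
from urllib.parse import unquote

# Request and status fields of an Apache combined-format log line.
REQUEST_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def is_suspicious_query(query: str) -> bool:
    """Assumed condition: raw query has no '=' and decodes to a leading '-'."""
    if not query or "=" in query:
        return False  # normal key=value queries are not treated as arguments
    return unquote(query).startswith("-")

def flag_requests(lines):
    """Return (line_no, method, path, raw_query, status) for each flagged request."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue  # malformed or non-request line
        path, _, query = m["target"].partition("?")
        if is_suspicious_query(query):
            hits.append((line_no, m["method"], path, query, int(m["status"])))
    return hits

# Constructed sample log lines (documentation IP ranges, placeholder flags).
SAMPLE_LOG = [
    '192.0.2.10 - - [04/May/2012:10:00:01 +0000] "GET /index.php?id=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [04/May/2012:10:00:05 +0000] "GET /index.php?-x HTTP/1.1" 200 812 "-" "-"',
    '198.51.100.7 - - [04/May/2012:10:00:09 +0000] "POST /viewtopic.php?%2Dx+%2Dy HTTP/1.1" 200 64 "-" "-"',
    '192.0.2.22 - - [04/May/2012:10:01:00 +0000] "GET /search.php?-foo=bar HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '192.0.2.22 - - [04/May/2012:10:01:02 +0000] "GET /style.css HTTP/1.1" 304 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print("line %d: %s %s?%s -> %d" % hit)
```

      A flagged request with a 200 status marks a source address and time window worth correlating with file modification times on the host; a 403 or redirect after the workaround was deployed indicates the rule is taking effect.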


              People

              • Assignee:
                rob Robert Kaye
                Reporter:
                ianmcorvidae Ian McEwen
