Uploaded image for project: 'MetaBrainz Hosting'
  1. MetaBrainz Hosting
  2. MBH-229

Scooby's PHP-CGI (forums.mb) is compromised (forum is down)

XMLWordPrintable

      http://bayimg.com/bAOBcAaDJ

      This is a known bug in PHP-CGI that allows for remote code execution, scooby and wiley are both susceptible. I have access to wiley and have implemented a config redirect-based workaround for wiki.mb, but forums is where this was found (see the image linked above) and it appears to be compromised. The script code listed therein seems to only appear on firefox on windows.

      I'm not sure what's been gotten into; from what I can figure out from syswiki this shouldn't have escalated beyond access to PunBB, but that could be plenty bad.

      http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/ is the original advisory

      http://www.php.net/archive/2012.php#id2012-05-03-1 lists the mod_rewrite-based workaround that I implemented on wiley.

        1. MB.css
          8 kB
          Robert Kaye

            rob Robert Kaye
            ianmcorvidae Ian McEwen
            Votes:
            2 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved:

                Version Package