[ale] TWiki critical security advisory...
Michael H. Warfield
mhw at WittsEnd.com
Mon Sep 22 10:01:57 EDT 2008
Hey all,
I mentioned this at the ALE meeting the other night that TWiki had a
critical security update. The details of the vulnerability and example
exploit are now posted on milw0rm for all to see. First and foremost,
anyone who has not done so should make sure the configure script for
TWiki is totally disabled! This is a trivial unauthenticated remote
code execution vulnerability. If your site has been running with an
exposed configure script, you should immediately scan the system for
intrusions and rootkits. It is being exploited in the wild. Check your
web logs for any sign of pipe command execution attempts.
http://milw0rm.com/exploits/6509
TWiki has an update to the configure script on their site.
Regards,
Mike
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part
Url : http://mail.ale.org/pipermail/ale/attachments/20080922/1f820bd0/attachment.bin
More information about the Ale
mailing list