UebiMiau - WebWorm / Security

3josh

A customer of ours just had his webmail page defaced. The defacement claims it was a WebWorm. The new defaced page is attached.

Anyone have any ideas on this? A security problem with UebiMiau, or did the user change some php settings that made the server vulnerable? I don't know much about php security and could use some advice.

Thanks

-josh
 
Hi,
I have the same situation:
This site is defaced!!!
NeverEverNoSanity WebWorm generation 12.

strange!
 
There are no known security advisories nor exploits for UebiMiau. But this does not mean someone had found a hole and unleashed a worm. If someone has more info on this please let me know!
 
I've put a link up there with details but I'll post a summary here:

"Santy worm defaces websites using phpBB bug

A worm taking advantage of a phpBB vulnerability has been defacing websites. The worm uses the 'highlight' vulnerability found in phpBB version 2.0.10 and earlier. It uploads and executes a perl script."
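
Added example, not part of the original thread: a small Python triage script that scans web-server access logs for requests to phpBB's viewtopic.php carrying an abnormal `highlight` parameter, the parameter named in the summary above. The log format, the sample lines, and the heuristic (a value that is percent-encoded more than once, or that contains characters beyond plain search words) are assumptions of this example.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed Apache-style access-log lines for illustration (not from the thread).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2005:10:00:01 +0000] "GET /forum/viewtopic.php?t=42&highlight=backup+script HTTP/1.0" 200 5120
192.0.2.77 - - [01/Jan/2005:10:00:05 +0000] "GET /forum/viewtopic.php?t=42&highlight=%2527.CONSTRUCTED.%2527 HTTP/1.0" 200 913
192.0.2.77 - - [01/Jan/2005:10:00:06 +0000] "GET /webmail/index.php?highlight=%2527 HTTP/1.0" 404 210
"""

REQUEST = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[A-Z]+ (\S+)')
PLAIN_TERM = re.compile(r"^[\w\s+-]*$")  # assumed shape of an ordinary search highlight


def decode_fully(value, max_rounds=5):
    """Percent-decode until stable; return (decoded value, rounds that changed it)."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(value)
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds


def suspicious_highlight_requests(log_text):
    """Return (client, timestamp, decoded highlight) for viewtopic.php requests whose
    highlight value is nested-encoded or holds characters a search term would not."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line in the assumed log format
        client, when, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/viewtopic.php"):
            continue
        for pair in url.query.split("&"):
            key, _, raw = pair.partition("=")
            if key != "highlight":
                continue
            decoded, rounds = decode_fully(raw)
            if rounds > 1 or not PLAIN_TERM.match(decoded):
                hits.append((client, when, decoded))
    return hits


if __name__ == "__main__":
    print(*suspicious_highlight_requests(SAMPLE_LOG), sep="\n")
```

Hits only indicate requests worth reviewing; whether a host was actually affected still depends on the phpBB and PHP versions discussed in this thread.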
 
  • In this single thread we currently have two conflicting statements. Please could someone make it clear which is correct?
    [rhoekman] The worm uses the 'highlight' vulnerability found in phpBB version 2.0.10 and earlier.
    [jmstacey] This is a bug in php 4.3.9 as far as I can tell and the solution is to upgrade to 4.3.10
    :p At the risk of committing grammatical hara-kiri, by 'correct' we really mean 'more accurate'.
 
Both statements are in fact correct.

The Santa.A exploits phpBB... but there are even more severe concerns with php 4.3.9 right now... both need to be updated.
 