PHP XML-RPC (and Mambo) exploit question

huntx · February 21st, 2006, 11:30 AM

There's a variety of buzz about a worm targeting PHP XML-RPC and Mambo:

Secunia, which also issued an advisory, said the vulnerability affects version 1.1 of PHP XML-RPC and prior versions. Its advisory recommended upgrading PHP XML-RPC to version 1.1.1.

Mambo wrote on its Web site that it has issued fixes for versions 4.5.3 and 4.5.3h. Those fixes can be downloaded from Mambo's Web site at http://www.mamboserver.com/. It also recommended that users upgrade their software if they have a version earlier than 4.5.3.

My concern is about XML-RPC, but I suspect there are Mambo users here as well. My question is, are we secure from this worm?

**David** · February 21st, 2006, 4:53 PM

Linux worm turns on Mambo and PHP

**Kayla** · February 21st, 2006, 7:51 PM

Quote:

Originally Posted by huntx

Mambo wrote on its Web site that it has issued fixes for versions 4.5.3 and 4.5.3h. Those fixes can be downloaded from Mambo's Web site at http://www.mamboserver.com/. It also recommended that users upgrade their software if they have a version earlier than 4.5.3.

My concern is about XML-RPC, but I suspect there are Mambo users here as well. My question is, are we secure from this worm?

If Mambo says they have made fixes, and you use Mambo, then you should upgrade.

We have rules on our router that are blocking similar requests, so everything is ok and we aren't noticing any problems.

huntx · February 23rd, 2006, 12:39 AM

If I read you right, the PHP XML-RPC is OK? That was my main concern since I am using Wordpress (hence PHP and XML-RPC) and I couldn't tell what the XML-RPC version was.

Mambo is a bit of a red herring since it gets installed by the user and I shouldn't have mentioned it.

**Kayla** · February 23rd, 2006, 1:01 AM

I just spoke with Paul and I'm pleased to present you with concrete information regarding this.
http://www.surmunity.com/showthread....496#post152496

huntx · February 24th, 2006, 2:28 PM

OK, thanks very much

February 21st, 2006, 11:30 AM	#1 (permalink)
huntx Registered User Fresh Surpasser Joined in Jul 2005 11 posts Gave thanks: 0 Thanked 0 times	PHP XML-RPC (and Mambo) exploit question There's a variety of buzz about a worm targeting PHP XML-RPC and Mambo: Secunia, which also issued an advisory, said the vulnerability affects version 1.1 of PHP XML-RPC and prior versions. Its advisory recommended upgrading PHP XML-RPC to version 1.1.1. Mambo wrote on its Web site that it has issued fixes for versions 4.5.3 and 4.5.3h. Those fixes can be downloaded from Mambo's Web site at http://www.mamboserver.com/. It also recommended that users upgrade their software if they have a version earlier than 4.5.3. My concern is about XML-RPC, but I suspect there are Mambo users here as well. My question is, are we secure from this worm?

February 23rd, 2006, 12:39 AM	#4 (permalink)
huntx Registered User Fresh Surpasser Joined in Jul 2005 11 posts Gave thanks: 0 Thanked 0 times	Re: PHP XML-RPC (and Mambo) exploit question If I read you right, the PHP XML-RPC is OK? That was my main concern since I am using Wordpress (hence PHP and XML-RPC) and I couldn't tell what the XML-RPC version was. Mambo is a bit of a red herring since it gets installed by the user and I shouldn't have mentioned it.

February 23rd, 2006, 1:01 AM	#5 (permalink)
Kayla Marketing Maven Surpass Staff Joined in May 2003 Lives in Orlando 24,749 posts Gave thanks: 946 Thanked 806 times	Re: PHP XML-RPC (and Mambo) exploit question I just spoke with Paul and I'm pleased to present you with concrete information regarding this. http://www.surmunity.com/showthread....496#post152496 __________________ Follow Surpass on Twitter and Facebook Check out the Surpass Blog

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

February 24th, 2006, 2:28 PM	#6 (permalink)
huntx Registered User Fresh Surpasser Joined in Jul 2005 11 posts Gave thanks: 0 Thanked 0 times	OK, thanks very much

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)