Santy Wurm verbreitet sich über PHPbb Boards

[pattex]

Es macht ja derzeit die Runde das ein Internet-Wurm mit dem Namen "Santy" eine Sicherheitslücke im PHPbb 2.0.11 und früher ausnutzt.

Dadurch werden alle Dateien überschrieben auch Dateien, außerhalb vom phpbb.
Eine schnelle fehlerbehebung findet man hier:

Posted: Thu Nov 18, 2004 4:08 am Post subject: howdark.com exploits - follow up

--------------------------------------------------------------------------------

Following my original post it has been brought to our attention that the highlighting exploit can be taken advantage of, and it a serious way. We are hastily preparing a new release. However that release contains a number of other fixes and additions and thus we carrying out some internal testing to limit the chances of other issues arising.

In the mean time we strongly, and I mean strongly! urge all our users to make the following change to viewtopic.php as a matter of urgency.

Open viewtopic.php in any text editor. Find the following section of code:
Code:

//
// Was a highlight request part of the URI?
//
$highlight_match = $highlight = '';
if (isset($HTTP_GET_VARS['highlight']))
{
// Split words and phrases
$words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));

for($i = 0; $i < sizeof($words); $i++)
{


and replace with:
Code:

//
// Was a highlight request part of the URI?
//
$highlight_match = $highlight = '';
if (isset($HTTP_GET_VARS['highlight']))
{
// Split words and phrases
$words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));

for($i = 0; $i < sizeof($words); $i++)
{


Please inform as many people as possible about this issue. If you're a hosting provider please inform your customers if possible. Else we advise you implement some level of additional security if you run ensim or have PHP running cgi under suexec, etc.

Wer noch ein solches phpbb einsetzt sollte Updaten.
Mehr Infos gibt es hier: http://www.heise.de/newsticker/meldung/54550