“Great spirits have always encountered opposition from mediocre minds.”
Albert Einstein

lunes, julio 04, 2005

Vulnerables blogs basados en PHP

Corrió hoy por el Web una advertencia sobre una vulnerabilidad en las aplicaciones que utilizan librerías PHP para manejar mensajes XML-RPC. Este es el aviso:

PHP Blogging Apps Vulnerable to XML-RPC Exploits


Many popular PHP-based blogging, wiki and content management programs can be exploited through a security hole in the way PHP programs handle XML commands. The flaw allows an attacker to compromise a web server, and is found in programs including PostNuke, WordPress, Drupal, Serendipity, phpAdsNew, phpWiki and phpMyFAQ, among others.

The flaw affects the XML-RPC function, which has many uses in web applications, including "ping" update notifications for RSS feeds. PHP libraries that allow applications to exchange XML data using remote procedure calls(RPC) fail to fully check incoming data for malicious commands. The affected libraries, including PHPXMLRPC and Pear XML-RPC, are included in many interactive applications written in PHP.

The XML-RPC flaw was discovered by James Bercegay of GulfTech Security Research. Bercegay found that the libraries are "vulnerable to a very high risk remote php code execution vulnerability that may allow for an attacker to compromise a vulnerable webserver ... By creating an XML file that uses single quotes to escape into the eval() call an attacker can easily execute php code on the target server."

Updated copies of the libraries are now available, and immediate upgrades are recommended. The nature of the flaw poses a dilemma for site operators on shared hosting services, who may run affected applications on their sites but not have the ability to update the server's PHP installation with the secure libraries. Disabling XML-RPC features is the recommended workaround.

Observé que Drupal actualizó sus librerías XML-RPC en respuesta al aviso, pero no ví notificación de WordPress. Por ahora no parece ser una amenaza inmediata, pero el potencial del daño que se puede lograr a través de la vulnerabilidad es significativo.

Categorías: ,