VID: 21388
Severity: 40
Port: 80, ...
Protocol: TCP
Class: CGI
Detailed Description:
The PostNuke content management system appears to contain a backdoor. PostNuke, developed by Francisco Burzi, is a PHP content management system backed by a MySQL database. The PostNuke Web site 'downloads.postnuke.com' was compromised between the 24th and 26th of October 2004, and some files in the version 0.750 distribution were modified. The vendor notes that the compromise occurred through a vulnerability in the 'pafiledb' download management software, not in PostNuke itself. The compromise caused the download address of PostNuke-0.750.zip to point to a trojaned archive. By passing user-supplied arguments to the 'oops' parameter of the file pnAPI.php, a remote attacker could execute arbitrary commands on systems that have installed the compromised PostNuke distribution.

* References:
  http://securitytracker.com/alerts/2004/Oct/1011938.html
  http://news.postnuke.com/modules.php?op=modload&name=News&file=index&catid=&topic=38
* Platforms Affected: Francisco Burzi, PostNuke 0.750; any operating system; any version
Recommendation:
The vendor recommends the following actions:
1. Immediately remove the affected file /includes/pnAPI.php and replace it with the original file, which is available at the following location: http://cvs.postnuke.com/viewcvs.cgi/Historic_PostNuke_Library/postnuke-devel/html/includes/pnAPI.php?rev=1.86&content-type=text/vnd.viewcvs-markup
2. Change your database details, for example the 'username', 'password' and, if possible, the 'database name'.
3. Audit HTTP access logs. If an entry is found that contains the string 'oops=', contact the PostNuke Security Team: http://forums.postnuke.com/index.php?module=vpContact
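The log audit in step 3 can be scripted. The following is an added example written for this record, not code from PostNuke or the vendor. It parses access-log lines in the common Apache/nginx "combined" format, decodes the query string, and reports requests that carry an 'oops' query parameter. It goes slightly beyond a plain text search for 'oops=': percent-encoded (and double-encoded) spellings of the parameter name are still caught, while a request where 'oops' appears only as a value (not a parameter name) is not flagged. The log lines and client addresses below are constructed for illustration; only GET requests are visible this way, since access logs do not record POST bodies.

```python
"""Audit web-server access logs for requests carrying an 'oops' query parameter,
the indicator named in the PostNuke 0.750 compromise advisory. Added example."""
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Apache/nginx "combined" log format:
# client ident user [time] "METHOD target PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) \S+'
)

INDICATOR = "oops"  # parameter name named in the advisory


def request_has_oops(target: str) -> bool:
    """True when the request target's query string has a parameter named 'oops'.

    parse_qsl already percent-decodes names once ('o%6fps' -> 'oops'); the
    extra unquote() also catches a double-encoded name ('o%256fps').
    """
    query = urlsplit(target).query
    for name, _value in parse_qsl(query, keep_blank_values=True):
        if unquote(name).lower() == INDICATOR:
            return True
    return False


def audit_log(lines):
    """Return (client, time, target) for every parseable line whose request
    matches the indicator. Lines that are not in combined format are skipped."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        if request_has_oops(m.group("target")):
            hits.append((m.group("client"), m.group("time"), m.group("target")))
    return hits


# Constructed sample log lines (hypothetical clients from the 203.0.113.0/24 documentation range).
SAMPLE_LOG = [
    '203.0.113.7 - - [25/Oct/2004:13:02:11 +0000] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/4.0"',
    '203.0.113.9 - - [25/Oct/2004:13:05:42 +0000] "GET /includes/pnAPI.php?oops=x HTTP/1.1" 200 211 "-" "curl/7.12"',
    '203.0.113.9 - - [25/Oct/2004:13:06:03 +0000] "GET /includes/pnAPI.php?o%6fps=x HTTP/1.0" 200 198 "-" "curl/7.12"',
    '203.0.113.21 - - [25/Oct/2004:13:10:27 +0000] "GET /search.php?q=oops HTTP/1.1" 200 3301 "-" "Mozilla/5.0"',
    'this line is not in combined log format',
]

if __name__ == "__main__":
    for client, when, target in audit_log(SAMPLE_LOG):
        print(f"{when}  {client}  {target}")
```

Run it against a real log by replacing SAMPLE_LOG with the file's lines (for example `audit_log(open("/var/log/apache2/access.log"))`). Any hit is grounds to follow the vendor's step 3 and to treat the host as compromised pending the file replacement in step 1, because the indicator is a request to the backdoored code path rather than a known-benign parameter.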
Related URL: (CVE)
Related URL: 11529 (SecurityFocus)
Related URL: 17857 (ISS)