[isf-wifidog] PHP XML Security issue
Proulx François
fproulx at edito.qc.ca
Wed Jul 6 08:31:44 EDT 2005
We are using PHP5; this only affects PHP4 with XML-RPC (which we are
not using at all).
On 6-Jul-2005, at 7:44, Radek Zajkowski wrote:
> Hi all,
>
> This was posted on Slashdot recently, and since PHP/XML seem to pop
> up here you may want to read this:
>
> http://news.netcraft.com/archives/2005/07/04/php_blogging_apps_vulnerable_to_xmlrpc_exploits.html
>
> Radek.
>
> __________________________________________
>
> Many popular PHP-based blogging, wiki and content management
> programs can be exploited through a security hole in the way PHP
> programs handle XML commands. The flaw allows an attacker to
> compromise a web server, and is found in programs including
> PostNuke <http://news.postnuke.com/Article2699.html>, WordPress
> <http://wordpress.org/development/2005/06/wordpress-1513/>, Drupal
> <http://drupal.org/drupal-4.6.2>, Serendipity
> <http://blog.s9y.org/archives/36-CRITICAL-BUGFIX-RELEASE-Serendipity-0.8.2.html>,
> phpAdsNew <http://phpadsnew.com/two/nucleus/index.php?itemid=45>,
> phpWiki <http://sourceforge.net/forum/forum.php?forum_id=478443>
> and phpMyFAQ <http://www.phpmyfaq.de/advisory_2005-06-29.php>,
> among others.
>
> The flaw affects the XML-RPC <http://www.xmlrpc.com/> function,
> which has many uses in web applications, including "ping" update
> notifications
> <http://www.masternewmedia.org/news/2004/11/10/increase_visibility_in_blog_and.htm>
> for RSS feeds. PHP libraries
> that allow applications to exchange XML data using remote procedure
> calls <http://www.webopedia.com/TERM/R/RPC.html> (RPC) fail to fully
> check incoming data for malicious commands. The affected libraries,
> including PHPXMLRPC <http://phpxmlrpc.sourceforge.net/> and Pear
> XML-RPC <http://www.php.net/>, are included in many interactive
> applications written in PHP.
>
> The XML-RPC flaw
> <http://www.gulftech.org/?node=research&article_id=00088-07022005>
> was discovered by James
> Bercegay of GulfTech Security Research. Bercegay found that the
> libraries are "vulnerable to a very high risk remote php code
> execution vulnerability that may allow for an attacker to
> compromise a vulnerable webserver ... By creating an XML file that
> uses single quotes to escape into the eval() call an attacker can
> easily execute php code on the target server."
>
> Updated copies of the libraries are now available, and immediate
> upgrades are recommended. The nature of the flaw poses a dilemma
> for site operators on shared hosting services, who may run affected
> applications on their sites but not have the ability to update the
> server's PHP installation with the secure libraries. Disabling XML-
> RPC features is the recommended workaround.
>