A recent analysis by SecurityFocus confirms that a vulnerability first published on November 16th has resulted in numerous websites being defaced. Now, a bot has been released that compromises the web server and provides additional functionality for an attacker. Reports claim that the bot allows for arbitary code execution, DoS attacks (via TCP, UDP and HTTP floods), port scanning capabilities, and the ability to discover other vulnerable hosts through Google searches.
Web-based worms are on the rise and any Internet-facing operating system platform running the open-source software can be targeted, including Windows, Unix and Linux. However, Linux remains the predominant server OS of choice for web hosting, and therefore attacks that evolve into bots or worms highlight vulnerable Linux systems much more than others. Mambo administrators are urged to download the latest security patch immediately.
UPDATE: Joomla, created by the same team that developed Mambo, is also vulnerable to the attack. Joomla released version 1.0.4 on November 21st to combat this problem. Jooma administrators running versions prior to 1.0.4 are also urged to install the latest security patch.
Posted by: Kelly Martin