Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
    Digg this story   Add to del.icio.us  
Bots doing the mambo-joomla
Published: 2005-12-06

A new bot is spreading in the wild, with attackers looking to compromise vulnerable installations of the popular Mambo open-source content management system.

A recent analysis by SecurityFocus confirms that a vulnerability first published on November 16th has resulted in numerous websites being defaced. Now, a bot has been released that compromises the web server and provides additional functionality for an attacker. Reports claim that the bot allows for arbitary code execution, DoS attacks (via TCP, UDP and HTTP floods), port scanning capabilities, and the ability to discover other vulnerable hosts through Google searches.

Web-based worms are on the rise and any Internet-facing operating system platform running the open-source software can be targeted, including Windows, Unix and Linux. However, Linux remains the predominant server OS of choice for web hosting, and therefore attacks that evolve into bots or worms highlight vulnerable Linux systems much more than others. Mambo administrators are urged to download the latest security patch immediately.

UPDATE: Joomla, created by the same team that developed Mambo, is also vulnerable to the attack. Joomla released version 1.0.4 on November 21st to combat this problem. Jooma administrators running versions prior to 1.0.4 are also urged to install the latest security patch.

Posted by: Kelly Martin
    Digg this story   Add to del.icio.us  
 
Comments Mode:
Bots doing the mambo 2005-12-07
Anonymous (2 replies)
Re: Bots doing the mambo 2005-12-07
Juha-Matti Laurio
Re: Bots doing the mambo 2005-12-07
Anonymous (1 replies)
Re: Re: Bots doing the mambo 2005-12-07
Kelly Martin







 

Privacy Statement
Copyright 2009, SecurityFocus