[lug] phpBB vulnerability in the wild.

Sean Reifschneider jafo at tummy.com
Sun Dec 26 16:10:09 MST 2004


I know this has widely been reported, but apparently not widely enough.  If
you are running phpBB, you *NEED* to do this update.  Included below is an
announcement we've been sending out.

Sean
================
As reported recently in the following bugtraq message, a worm has been
exploiting phpBB sites:

   http://marc.theaimsgroup.com/?l=bugtraq&m=110365752909029&w=2

If you are running phpBB, you should definitely get it updated.  While the
worm above is harmless enough, we've seen other attacks using the same
attack vector to gain system access.

All our managed hosts have already been contacted about this and had the
updates applied.  If you need help identifying if you have phpBB installed
or getting the update applied, feel free to contact us.

Thanks,
Sean
-- 
 Linux:  Bring back that "greased weasel" feeling.
                 -- Sean Reifschneider, 1998
Sean Reifschneider, Member of Technical Staff <jafo at tummy.com>
tummy.com, ltd. - Linux Consulting since 1995.  Qmail, Python, SysAdmin



More information about the LUG mailing list