Download området på PostNuke.com er blevet hacket! 3424 hits
		Jeg har modtaget denne mail fra Vanessa i dag! "Vulnerability: Attacker used an exploit in the download management software pafiledb to change the download address of PostNuke-0.750.zip to point to a compromised archive." Det er VIGTIGT at i læser videre eller følger linket til PostNuke.com for yderligere info... --------------------------------------------------------------------------- PostNuke Security Advisory PNSA 2004-3 Vanessa Haakenson http://www.postnuke.com/ October 26, 2004 For contacts: http://news.postnuke.com/index.php?module=vpContact --------------------------------------------------------------------------- Vulnerability: Attacker used an exploit in the download management software pafiledb to change the download address of PostNuke-0.750.zip to point to a compromised archive. DESCRIPTION The changes made by the hackers were in two places. First, during the installation routine all data submitted (this includes the server, the database credentials, the admin name and password) is sent to a different server. Second, in one file there was code allowing a malicious user to execute any shell command on the web server. SOLUTION Immediate action is required from everyone who downloaded the .zip package between Sunday (24.Oct) at 23:50 GMT until Tuesday (26.Oct) at 8:30 GMT. Required Actions 1. Immediately remove the affected file /includes/pnAPI.php and replace it on your server with the original one (either from a fresh download or from http://cvs.postnuke.com/viewcvs.cgi/Historic_PostNuke_Library/postnuke-devel/html/includes/pnAPI.php?rev=1.86&content-type=text/vnd.viewcvs-markup) 2. Check the access-logs for any entry containing 'oops='. If you find any call please contact the PostNuke Security Team via http://forums.postnuke.com/index.php?module=vpContact providing the access log for further investigation. 3. Change your database details, username, password and if possible, database name. In the future to avoid downloading tampered files please compare the MD5 checksums with an independent source to ensure legitimacy, such as http://www.post-nuke.net For security updates notifications: http://lists.postnuke.com/mailman/listinfo/postnuke-security REFERENCES No references are currently available on the net. CREDITS This exploit was reported in the PN forums by *mheffel* _______________________________________________ Postnuke-security mailing list Postnuke-security@lists.postnuke.com http://lists.postnuke.com/mailman/listinfo/postnuke-security
		Skrevet af: kimenemark til Tirsdag den 26. Okt 2004 - kl. 14:24