Article 3NNQ7 Drupal users take cover—code-execution bug is being actively exploited [updated]

by Dan Goodin from Ars Technica - All content on (#3NNQ7)
Malicious hackers wasted no time exploiting a critical bug in the Drupal content management system that allows them to execute malicious code on website servers. Just hours after maintainers of the open-source program disclosed the vulnerability, it came under active attack, they said.

So far, the attackers are using proof-of-concept attack code published online that shows one method of exploiting the critical flaw, Drupal maintainer Greg Knaddison told Ars. The code has not yet been automated in a way that can target large numbers of sites, in large part because successful exploits require permissions and configuration settings that differ from site to site. So far, Drupal maintainers aren't aware of any successful site take-overs resulting from the vulnerability.

"We have definitely seen proof of concept exploits published online," Knaddison wrote in an e-mail. "It's safe to assume that proof of concept (or others like it) are being used maliciously against individual sites by people who are willing to slowly attack a high value target. It's not yet automated in a way that would let an attacker try it against hundreds of sites."

External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/