There is a new worm exploiting the vulnerability in phpBB, as described in the URL below:
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=240513
For more information on the worm see: http://vil.nai.com/vil/content/v_130471.htm
Is there an easy and realiable way to identify all phpBB installations on our servers? I suppose searching for viewtopic.php is a good start.
ART, will you be releasing an updated RPM for the phpBB application ?
phpBB <= 2.0.10 vulnerability
I have posted a small Perl script to detect possible vulnerable phpBB installations. The script also enables a workaround.
Please see my phpBB page, located at the following URL: http://www.carlswart.co.za/phpbb/
Please see my phpBB page, located at the following URL: http://www.carlswart.co.za/phpbb/