On the last week, was released this flaw [1].
The problem is amplified by user auto registration on com_users, that, by default is allowed anonymous users to register themselves as Administrator leading to Joomla Administrator take over.
This problem affect 1.6.x/1.7.x/2.5.0-2.5.2 versions [2].
Now, many defacers are using google to find vulnerable sites to attack.
Dork: inurl:index.php?option=com_users&view=registration
May be that, coming soon , we have a rise of a worm to exploit it, …. remember about JBOSS Worm ? that use CVE-2010-0738 to spread ?
So, we have some mitigation options about this flaw:
-> Block the user auto registration resource on com_user
-> Upgrade to 2.5.3, because 1.6.x and 1.7.x have no patch yet.
For all Joomla's/CMS installation, you can follow some steps more:
- Remove all unnecessary plugins/components/extensions/others, keeping what really is needed.
- Use the minimum of extensions as possible.
- Use the lastest version of all components and core
- Only allow the apache user to write where really is needed.
- Keep yourself up to date about Joomla related vulnerabilities
- Remove all default users and groups when it is possible.
- Control the access to /Administrator, by source IP, change the Administrator path and block IP sources with a bad reputation
- Use some WAF - Web Application Firewall , as ModSecurity
- Use Antivirus, yes, do it at your Linux Server, it can save your life.
- Use a file integrity checker as AIDE.
- Use database and system accounts with minor privileges.
- Make a hardening on PHP configuration
- Take care about temporary folders as /tmp /var/tmp/ joomla uploads, e.g. don't allowing execution programs from here with noexec partition bit.
- Implement strong password policy for joomla' s administrators
- Use jail system for apache's instances.
- Always use captcha when it's possible
- Use Enhanced Security as SELinux or AppArmor
This is not all , but can be followed for generic CMS/WebServer Hardening…
[1] http://jeffchannell.com/Joomla/joomla-161725-privilege-escalation-vulnerability.html
[2] http://developer.joomla.org/security/news/395-20120303-core-privilege-escalation.html
t: @emanueldosreis
Assinar:
Postar comentários (Atom)
Nenhum comentário:
Postar um comentário