Tuesday, March 20, 2012

Joomla Privilege Escalation Flaw and some CMS hardening

Last week, this flaw was published [1].

The problem is amplified by user self-registration in com_users, which is enabled by default: anonymous users are allowed to register themselves as Administrator, leading to a takeover of the Joomla administration.

This problem affects versions 1.6.x, 1.7.x and 2.5.0-2.5.2 [2].

Many defacers are now using Google to find vulnerable sites to attack.

Dork: inurl:index.php?option=com_users&view=registration

It may be that we soon see a worm written to exploit it. Remember the JBoss worm that used CVE-2010-0738 to spread?


So we have some mitigation options for this flaw:

-> Block the user self-registration feature in com_users

-> Upgrade to 2.5.3, because 1.6.x and 1.7.x have no patch yet.
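As an added example (not part of the original post), a small audit that applies the two mitigations above as checks: it flags a core version inside the affected range stated by the advisory and reports whether self-registration is still enabled. It assumes the `params` JSON of the com_users row in Joomla's `#__extensions` table uses the keys `allowUserRegistration` and `new_usertype`, and that the stock 1.6+ usergroup ids (7 = Administrator, 8 = Super Users) were not renumbered.

```python
import json

# Assumption: stock Joomla 1.6+ usergroup ids for the privileged groups.
PRIVILEGED_GROUPS = {6: "Manager", 7: "Administrator", 8: "Super Users"}


def version_affected(version):
    """True for the versions the advisory lists: 1.6.x, 1.7.x and 2.5.0-2.5.2."""
    parts = tuple(int(p) for p in version.split("."))
    major_minor = parts[:2]
    if major_minor in ((1, 6), (1, 7)):
        return True
    if major_minor == (2, 5):
        patch = parts[2] if len(parts) > 2 else 0
        return patch <= 2
    return False


def audit_registration(params_json, version):
    """Return a list of findings for a com_users params row and a core version."""
    params = json.loads(params_json)
    findings = []
    if version_affected(version):
        findings.append("core %s is in the affected range; upgrade to 2.5.3" % version)
    # Joomla stores the radio value as the string "1" when registration is on.
    if str(params.get("allowUserRegistration", "0")) == "1":
        findings.append("anonymous self-registration is enabled (allowUserRegistration=1)")
        group = int(params.get("new_usertype", 2))  # 2 = Registered is the stock default
        if group in PRIVILEGED_GROUPS:
            findings.append("new users are placed directly in %s" % PRIVILEGED_GROUPS[group])
    return findings


# Constructed sample: a 2.5.2 site with the stock (open) registration settings.
SAMPLE_PARAMS = json.dumps({"allowUserRegistration": "1", "new_usertype": "2",
                            "useractivation": "1", "captcha": ""})

if __name__ == "__main__":
    for finding in audit_registration(SAMPLE_PARAMS, "2.5.2"):
        print("FINDING:", finding)
```

Run it against the `params` column of the row where `element = 'com_users'` and the version from the Joomla admin panel; an empty result means both mitigations are in place.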


For every Joomla/CMS installation, you can follow some further steps:

- Remove all unnecessary plugins/components/extensions and the like, keeping only what is really needed.
- Use as few extensions as possible.
- Use the latest version of all components and of the core.
- Only allow the Apache user to write where it is really needed.
- Keep yourself up to date on Joomla-related vulnerabilities.
- Remove all default users and groups where possible.
- Control access to /Administrator by source IP, change the Administrator path and block source IPs with a bad reputation.
- Use a WAF (Web Application Firewall) such as ModSecurity.
- Use antivirus, yes, do it on your Linux server; it can save your life.
- Use a file integrity checker such as AIDE.
- Use database and system accounts with minimal privileges.
- Harden the PHP configuration.
- Take care with temporary folders such as /tmp, /var/tmp and the Joomla uploads directory, e.g. do not allow programs to execute from there by mounting the partition with the noexec bit.
- Implement a strong password policy for Joomla administrators.
- Use a jail system for Apache instances.
- Always use a CAPTCHA where possible.
- Use enhanced security such as SELinux or AppArmor.


This is not everything, but it can be followed for generic CMS/web server hardening.


[1] http://jeffchannell.com/Joomla/joomla-161725-privilege-escalation-vulnerability.html
[2] http://developer.joomla.org/security/news/395-20120303-core-privilege-escalation.html


t: @emanueldosreis
