The Vulnerabilities of PmWiki and TikiWiki
Like many software Wiki software too has flaws, which hackers are exploiting to set up 'botnets' by compromising the servers. Wiki software is becoming favorite targets of hackers.
According to 'Internet Storm Center' of SANS institute, the bugs in TikiWiki & PmWiki software are being increasingly exploited to convert networks into 'botnets'. The virus that enables hackers to exploit the loopholes in PmWiki 2.1.19 (or less) and TikiWiki 1.9 (or less) is the same. PmWiki & TikiWiki are software that creates Wikis, which are web-based software programs that enable surfers to add, edit and remove the content from these types of websites.
The PmWiki & TikiWiki loopholes have a difference. The first one can be exploited only with the "Register Globals" attribute. But the second one can be exploited even without this attribute.
When the IRC 'bot' is installed, it connects to many channels to access 'Undernet servers' of IRC. In addition to this, hackers are installing various tools to exploit other vulnerabilities to launch attacks on compromised PCs. Pearl scripts are used for 'denial of service' (DOS) attacks, which are surging along with the exploits over both 2.4 & 2.6 kernels of Linux OS.
A report released on SNAS' 'Internet Storm Center' Website says that they have got anonymous reports that 'botnets' have been created from the vulnerabilities in PmWiki & TikiWiki software. However, there was no information on where the bots were linking. They were now at rampage. TikiWiki has published techniques on how to temporarily patch loopholes in the systems to save them from attacks. On the other hand PmWiki has come up with any temporary fixes. Therefore users are recommended to turn off 'Register Globals" and put on "Apache". Anyone who is running either one of these two components of software must ensure that his system is patched up.
PmWiki has asked its users to upgrade the software to keep away attack. The upgrade instructions are available on PmWiki website. The TikiWiki website has an advisory apologizing for the disturbance caused to its users. However, it has published a temporary solution to curb the exploits and expressed optimism to solve the problem very soon.
Related article: THE SPAM MAFIA
» SPAMfighter News - 15-09-2006