[Ars] High-severity vulnerability in vBulletin is being actively exploited - Overclock.net - An Overclocking Community
post #1 of 16 - 09-25-2019, 10:37 PM - tpi2007 (Thread Starter)

Quote:
Attackers are mass-exploiting an anonymously disclosed vulnerability that makes it possible to take control of servers running vBulletin, one of the Internet’s most popular applications for website comments. Sites running the app should take comments offline until administrators install a patch that vBulletin developers released late Wednesday morning.

The vulnerability was disclosed through an 18-line exploit that was published on Monday by an unidentified person. The exploit allows unauthenticated attackers to remotely execute malicious code on just about any vBulletin server running versions 5.0.0 up to 5.5.4. The vulnerability is so severe and easy to exploit that some critics have described it as a back door.

“Essentially, any attack exploits a super simple command injection,” Ryan Seguin, a research engineer at Tenable, told Ars. “An attacker sends the payload, vBulletin then runs the command, and it responds back to the attacker with whatever they asked for. If an attacker issues a shell command as part of the injection, vBulletin will run Linux commands on its host with whatever user permissions vBulletin's system-level user account has access to.” Seguin has more in this technical analysis of the vulnerability.

According to researcher Troy Mursch of the Bad Packets security intelligence service, attackers are using botnets to actively exploit vulnerable servers.
Quote:
As advised earlier, the vulnerability is so severe that vulnerable vBulletin users should take their forums offline until they have installed a patch developers published on Wednesday morning.

Source.


Fortunately OCN is running on an older version of vBulletin, so it shouldn't be affected. But anybody out there on a newer 5.x version (around 7% of vB installations), please take your forum offline and patch immediately. From what I gather, vB's glory days are a thing of the past and there are better forum solutions out there now, so you might consider something else while you're at it.



Last edited by tpi2007; 09-25-2019 at 10:44 PM.
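An added example for readers running their own forums (not code from the Ars article, Tenable or vBulletin): a small detector for the request shape of the published exploit, run over constructed sample traffic. The route and parameter names (routestring=ajax/render/widget_php, widgetConfig[code]) and the CVE number (CVE-2019-16759) come from the public exploit and vBulletin's advisory, not from this thread; the hostnames and the four requests below are made up for the example.

```python
"""Flag HTTP requests matching the public vBulletin 5.x widget_php
pre-auth RCE (CVE-2019-16759) exploit pattern.

Added example for this thread, not code from Ars, Tenable or vBulletin.
The route marker and parameter name come from the exploit published on
23 Sept 2019; the sample requests below are constructed for illustration.
"""
from urllib.parse import parse_qs, unquote_plus

# Signature: a request routed to the widget_php renderer that also carries
# attacker-supplied PHP source in widgetConfig[code].
ROUTE_MARKER = "ajax/render/widget_php"
CODE_PARAM = "widgetConfig[code]"


def parse_request(raw: str):
    """Split raw HTTP/1.1 request text into (method, path, query, body).

    Headers are ignored on purpose: only the request target and the
    form-encoded body carry the parameters vBulletin routes on.
    """
    head, _, body = raw.partition("\r\n\r\n")
    request_line = head.split("\r\n", 1)[0]
    method, target, _version = request_line.split(" ", 2)
    path, _, query = target.partition("?")
    return method, path, query, body


def request_params(query: str, body: str) -> dict:
    """Merge query-string and body parameters. parse_qs percent-decodes keys
    and values, so widgetConfig%5Bcode%5D and widgetConfig[code] match alike."""
    params: dict = {}
    for blob in (query, body):
        for key, values in parse_qs(blob, keep_blank_values=True).items():
            params.setdefault(key, []).extend(values)
    return params


def is_widget_php_exploit(raw: str) -> bool:
    """True when the request targets widget_php and supplies widgetConfig[code]."""
    _method, path, query, body = parse_request(raw)
    params = request_params(query, body)
    # vBulletin 5 accepts the route either as routestring=... (query or POST
    # body) or, with URL rewriting enabled, as the path itself; check both.
    routes = params.get("routestring", []) + [unquote_plus(path)]
    routed_to_widget_php = any(ROUTE_MARKER in r for r in routes)
    return routed_to_widget_php and CODE_PARAM in params


def scan_requests(requests: list) -> list:
    """Return (index, injected PHP) for every request matching the signature."""
    hits = []
    for i, raw in enumerate(requests):
        if is_widget_php_exploit(raw):
            _m, _p, query, body = parse_request(raw)
            hits.append((i, request_params(query, body)[CODE_PARAM][0]))
    return hits


# Constructed sample traffic (not captured from any real site).
SAMPLE_REQUESTS = [
    # Ordinary page view.
    "GET /forum/index.php?routestring=forum/general-discussion HTTP/1.1\r\n"
    "Host: forum.example.test\r\n\r\n",
    # Reaches the widget_php route but carries no code parameter: not flagged.
    "POST /forum/index.php HTTP/1.1\r\nHost: forum.example.test\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    "routestring=ajax%2Frender%2Fwidget_php&widgetConfig%5Btitle%5D=hello",
    # Shape of the published exploit: route and code both in the POST body.
    "POST /forum/index.php HTTP/1.1\r\nHost: forum.example.test\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    "routestring=ajax%2Frender%2Fwidget_php"
    "&widgetConfig%5Bcode%5D=echo+shell_exec%28%27id%27%29%3B+exit%3B",
    # Same thing with the route in the rewritten path instead of a parameter.
    "POST /forum/ajax/render/widget_php HTTP/1.1\r\nHost: forum.example.test\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    "widgetConfig[code]=system%28%27uname+-a%27%29%3B",
]

if __name__ == "__main__":
    for index, code in scan_requests(SAMPLE_REQUESTS):
        print(f"request {index}: widget_php code injection, payload={code!r}")
```

Standard access logs do not record POST bodies, so this needs to run on something that does (a WAF or reverse-proxy request log, or a packet capture in front of the forum); the signature deliberately checks both the rewritten path and the routestring parameter, because vBulletin accepts either.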
post #2 of 16 - 09-26-2019, 12:21 AM - speed_demon
I know the running joke is that Intel has all the exploits but it seems like every day there are multiple new vulnerabilities found in every branch/field of tech. So I guess now the name of the game is just to stay a step ahead of the exploit and/or update ASAP whenever one is found.

post #3 of 16 - 09-26-2019, 12:48 AM - epic1337
More and more people are getting into the security field; it's only inevitable that they'd find security holes even in the most secure software.
post #4 of 16 - 09-26-2019, 05:06 AM - skupples
sounds like someone was lazy as hell
post #5 of 16 - 09-26-2019, 05:28 AM - Caffinator
Quote: Originally Posted by skupples
sounds like someone was lazy as hell
yea literally posting a shell command LOL
post #6 of 16 - 09-26-2019, 05:36 AM - skupples
Quote: Originally Posted by Caffinator
yea literally posting a shell command LOL
I assume that's SOP internally for the folks breaking the code for a living, but posting it in a public article is just hilarious. "don't believe us? try it yourself!"

have at it boys! go find some random vbul!
post #7 of 16 - 09-26-2019, 08:00 AM - Caffinator
Quote: Originally Posted by skupples
I assume that's SOP internally for the folks breaking the code for a living, but posting it in a public article is just hilarious. "don't believe us? try it yourself!"

have at it boys! go find some random vbul!
How about OCN?

rm -rf *

oops
post #8 of 16 - 09-26-2019, 09:38 AM - girugamesh
Wut kind of LoOoOddite still use web forums?
post #9 of 16 - 09-26-2019, 02:56 PM - neurotix
remove

forget it

Last edited by neurotix; 10-02-2019 at 12:04 AM.
post #10 of 16 - 09-26-2019, 03:51 PM - ENTERPRISE
Quote: Originally Posted by neurotix
lol

I run Debian Linux and do graphic design and custom conky scripts (desktop monitor) and theming for my installs as well as tons of tweaking, firewall scripts etc.

I also used sed (as per the article) for a custom conky calendar
Code:
${execpi 20000 LAR=`date +%-d`; ncal -bh | sed '2d' | sed -e '1d' -e 's/\<'$LAR'\>/${color1}&${color5}/' | sed ':a;N;$!ba;s/\n/\n${goto 28}/g'}
Which simply prints the output of a terminal calendar application. With formatting.

My desktop looks like this


Attachment 297866



After my recent upgrade to a 3900x, running MATE, Compiz-Reloaded and Emerald window controls, with my custom background I made in GIMP, and my custom conky with extensive use of Lua scripts

I am not a malicious actor but I *highly* suggest VS patch the current code base for OCN against this immediately as it's literally as easy as copying the shell script out of that article, saving it as 'blahblahvbatk.sh' or something, and then figuring out some basic Bash shell scripts to control the site from a C&C server with an Apache install, through TOR over OpenVPN or something, and maybe a proxy. It would then be possible to ransom the admin panel, go in it and delete the SQL database, etc.

This is what you get when you run a hobbled together 2003-era vBulletin in 2019. Hope this was already known about and patched, VerticalScope, Inc.
This version of VB is not affected.