[Ars] High-severity vulnerability in vBulletin is being actively exploited - Overclock.net - An Overclocking Community

post #1 of 16 - 09-25-2019, 10:37 PM - tpi2007 (Thread Starter)

Quote:
Attackers are mass-exploiting an anonymously disclosed vulnerability that makes it possible to take control of servers running vBulletin, one of the Internet’s most popular applications for website comments. Sites running the app should take comments offline until administrators install a patch that vBulletin developers released late Wednesday morning.

The vulnerability was disclosed through an 18-line exploit that was published on Monday by an unidentified person. The exploit allows unauthenticated attackers to remotely execute malicious code on just about any vBulletin server running versions 5.0.0 up to 5.5.4. The vulnerability is so severe and easy to exploit that some critics have described it as a back door.

“Essentially, any attack exploits a super simple command injection,” Ryan Seguin, a research engineer at Tenable, told Ars. “An attacker sends the payload, vBulletin then runs the command, and it responds back to the attacker with whatever they asked for. If an attacker issues a shell command as part of the injection, vBulletin will run Linux commands on its host with whatever user permissions vBulletin's system-level user account has access to.” Seguin has more in this technical analysis of the vulnerability.

According to researcher Troy Mursch of the Bad Packets security intelligence service, attackers are using botnets to actively exploit vulnerable servers.
Quote:
As advised earlier, the vulnerability is so severe that vulnerable vBulletin users should take their forums offline until they have installed a patch developers published on Wednesday morning.

Source.


Fortunately OCN is running on an older version of vBulletin, so it shouldn't be affected. But anybody out there on a newer 5.x version (around 7% of vB installations), please take your forum offline and patch immediately. From what I gather, vB's glory days are a thing of the past; there are better forum solutions out there now, so you might consider something else while you're at it.



Last edited by tpi2007; 09-25-2019 at 10:44 PM.
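The bug class Seguin describes in the quoted article (a value the client controls reaches a shell, the command runs with the web server account's privileges, and its output comes straight back in the response) is easy to see in miniature. The block below is an added Python illustration, not vBulletin's code and not the exploit the article refers to: the handler names, the `theme` parameter, the `echo` helper command and the triage regex are all assumptions made for the example, and the real vBulletin endpoint and parameter are not given on this page and are not reproduced here. It puts the vulnerable shape beside a hardened one and adds a small helper for flagging logged request values while a patch is being rolled out.

```python
"""
Added illustration (not vBulletin code): a command-injection handler of
the shape described in the Ars quote, beside a hardened version and a
small triage helper. Names, the `theme` parameter and the `echo`
command are assumptions made for this example.
"""
import re
import subprocess

# Hypothetical endpoint: a "theme" name chosen by the client is handed
# to a helper command. The value is spliced into a shell string, so a
# value like "default; id" runs `id` with the web server's own account.
def vulnerable_handler(theme: str) -> str:
    cmd = f"echo rendering theme {theme}"
    completed = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    # Output is echoed back to the client, which is what makes this so
    # convenient for an attacker: the response carries the result.
    return completed.stdout + completed.stderr


# Allowlist for what a theme name may look like: no spaces, no shell
# metacharacters, bounded length.
SAFE_THEME = re.compile(r"[a-z0-9_-]{1,32}")


class BadInput(ValueError):
    """Raised when a request value fails validation."""


def hardened_handler(theme: str) -> str:
    if not SAFE_THEME.fullmatch(theme):
        raise BadInput(f"rejected theme value {theme!r}")
    # argv list and no shell: the value is one argument to echo and is
    # never parsed by /bin/sh, so "; cmd" cannot split it into a second
    # command. The allowlist above is still needed (argument injection).
    argv = ["echo", "rendering", "theme", theme]
    completed = subprocess.run(argv, capture_output=True, text=True, check=True)
    return completed.stdout


def is_rejected(theme: str) -> bool:
    """True if the hardened handler refuses the value."""
    try:
        hardened_handler(theme)
    except BadInput:
        return True
    return False


# Defender-side triage: flag request values carrying shell
# metacharacters. A heuristic for reviewing logged parameters while
# patching, not a substitute for the vendor patch.
SHELL_META = re.compile(r"[;&|`$(){}<>\n]")


def suspicious_values(values):
    """Return the subset of request values that look like injection attempts."""
    return [v for v in values if SHELL_META.search(v)]


if __name__ == "__main__":
    payload = "default; echo INJECTED"  # constructed sample payload
    print("vulnerable handler output:", repr(vulnerable_handler(payload)))
    print("hardened handler rejects payload:", is_rejected(payload))
    print("flagged:", suspicious_values(["default", payload, "dark_mode"]))
```

Run it as-is: the vulnerable handler returns the injected command's output alongside the expected text, the hardened handler refuses the same value before anything executes, and the triage helper picks the payload out of a list of ordinary values. The point the article makes about privileges still applies to the hardened version: whatever the handler can run, it runs as the web server's account, so that account should own as little as possible.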
post #2 of 16 - 09-26-2019, 12:21 AM - speed_demon
I know the running joke is that Intel has all the exploits but it seems like every day there are multiple new vulnerabilities found in every branch/field of tech. So I guess now the name of the game is just to stay a step ahead of the exploit and/or update ASAP whenever one is found.

post #3 of 16 - 09-26-2019, 12:48 AM - epic1337
More and more people are getting into the security field; it's only inevitable that they'd find security holes even in the most secure software.

post #4 of 16 - 09-26-2019, 05:06 AM - skupples
sounds like someone was lazy as hell

post #5 of 16 - 09-26-2019, 05:28 AM - Caffinator
Quote: Originally Posted by skupples View Post
sounds like someone was lazy as hell
Yeah, literally posting a shell command LOL
post #6 of 16 - 09-26-2019, 05:36 AM - skupples
Quote: Originally Posted by Caffinator View Post
Yeah, literally posting a shell command LOL
I assume that's SOP internally for the folks breaking the code for a living, but posting it in a public article is just hilarious. "don't believe us? try it yourself!"

have at it boys! go find some random vbul!

post #7 of 16 - 09-26-2019, 08:00 AM - Caffinator
Quote: Originally Posted by skupples View Post
I assume that's SOP internally for the folks breaking the code for a living, but posting it in a public article is just hilarious. "don't believe us? try it yourself!"

have at it boys! go find some random vbul!
How about OCN?

rm -rf *

oops
post #8 of 16 - 09-26-2019, 09:38 AM - girugamesh
Wut kind of LoOoOddite still use web forums?
post #9 of 16 - 09-26-2019, 02:56 PM - neurotix
remove

forget it

Last edited by neurotix; 10-02-2019 at 12:04 AM.
post #10 of 16 - 09-26-2019, 03:51 PM - ENTERPRISE
Quote: Originally Posted by neurotix View Post
lol

I run Debian Linux and do graphic design and custom conky scripts (desktop monitor) and theming for my installs as well as tons of tweaking, firewall scripts etc.

I also used sed (as per the article) for a custom conky calendar:
Code:
${execpi 20000 LAR=`date +%-d`; ncal -bh | sed '2d' | sed -e '1d' -e 's/\<'$LAR'\>/${color1}&${color5}/' | sed ':a;N;$!ba;s/\n/\n${goto 28}/g'}
Which simply prints the output of a terminal calendar application, with formatting.

My desktop looks like this:

[Attachment 297866: desktop screenshot]



After my recent upgrade to a 3900x, running MATE, Compiz-Reloaded and Emerald window controls, with my custom background I made in GIMP, and my custom conky with extensive use of LUA scripts

I am not a malicious actor but I *highly* suggest VS patch the current code base for OCN against this immediately as it's literally as easy as copying the shell script out of that article, saving it as 'blahblahvbatk.sh' or something, and then figuring out some basic Bash shell scripts to control the site from a C&C server with an Apache install, through TOR over OpenVPN or something, and maybe a proxy. It would then be possible to ransom the admin panel, go in it and delete the SQL database, etc.

This is what you get when you run a hobbled together 2003-era vBulletin in 2019. Hope this was already known about and patched, VerticalScope, Inc.
This version of VB is not affected.