In association with heise online

05 September 2006, 13:42

TikiWiki and PmWiki in hackers' crosshairs

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Security holes in the Wiki systems TikiWiki and PmWiki are in the crosshairs of attackers seeking to build up Bot nets of compromised servers. Alongside IRC Bots, the attacks also place additional hacking tools on the affected servers. The pests then attempt to exploit further vulnerabilities in the Linux kernel so as to elevate their rights and gain complete control over the system, the Internet Storm Center has reported.

Current and potentially older versions of the Wiki software are affected. For PmWiki, as is so often the case, the instantiation of the register_globals PHP option is responsible for the hole; deactivation and then a restart of the web server is sufficient to remedy the problem. More extensive measures are required to make TikiWiki installations secure; that software's developers have provided details in a news bulletin.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit