php icalendar vulnerability

George from TenableSecurity wrote two Nessus plugins that check for the vulnerabilities:

Both are available currently for those with direct plugin feeds and will become available in 3 days for those with registered feeds.

According to the exploit for one of the vulnerabilities, it will only work if phpicalendar_publishing is set to 1 in, so for now, if you have this parameter set to 0, you may be safe.
echo "this works if \"phpicalendar_publishing\" is set to 1 in\r\n\r\n";

I didn't verify this yet, so you can expect another update on this...
Yes, another vulnerability in another PHP application that can lead to another PHP worm style...
This time the affected application is php icalendar, according to a security advisory at FrSIRT, and even worse, there are already two exploits available for it, and no vendor patch yet...
My personal recommendation, if you use php icalendar or any other app, is to keep it current, and in this particular case, if possible, remove it until a patch/new version is available...
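
A defender-side check for the phpicalendar_publishing condition mentioned in the update above, as an added example that is not part of the original diary or of the php icalendar project: it scans a web root for PHP files that assign the parameter and reports the value found. It assumes the setting is a plain PHP variable assignment of the form shown in the comment; the directory and file names in the demo are constructed.

```python
import re
import tempfile
from pathlib import Path

# Assumption: the setting is assigned as  $phpicalendar_publishing = '1';
# The page names the parameter but not the file, so every *.php file is scanned.
ASSIGN = re.compile(
    r"""^\s*\$phpicalendar_publishing\s*=\s*(['"]?)([^'";\s]*)\1\s*;""",
    re.MULTILINE,
)
BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)


def publishing_value(php_source):
    """Return the last uncommented value assigned to the setting, or None."""
    # Strip /* ... */ blocks; lines starting with // or # never match ASSIGN.
    active = BLOCK_COMMENT.sub(" ", php_source)
    values = [m.group(2) for m in ASSIGN.finditer(active)]
    return values[-1] if values else None


def classify(value):
    """Map a raw value to a triage status; anything but 0 or 1 needs a human."""
    return {"1": "ENABLED", "0": "disabled"}.get(value, "REVIEW")


def audit(webroot):
    """Return [(relative path, value, status)] for files that set the parameter."""
    root = Path(webroot)
    findings = []
    for path in sorted(root.rglob("*.php")):
        try:
            value = publishing_value(path.read_text(errors="replace"))
        except OSError:
            continue  # unreadable file, or a directory named *.php
        if value is not None:
            rel = path.relative_to(root).as_posix()
            findings.append((rel, value, classify(value)))
    return findings


if __name__ == "__main__":
    # Constructed sample tree; names and contents are made up for the demo.
    with tempfile.TemporaryDirectory() as tmp:
        for name, flag in (("cal-a", "1"), ("cal-b", "0")):
            path = Path(tmp, name, "settings.php")
            path.parent.mkdir()
            path.write_text(f"<?php\n$phpicalendar_publishing = '{flag}';\n")
        for rel, value, status in audit(tmp):
            print(f"{status:8} {rel} (phpicalendar_publishing={value})")
```

A "disabled" result speaks only to the one exploit the diary ties to this parameter, not to the other reported vulnerability.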

Handler on Duty: Pedro Bueno ( pbueno //&&//  isc. sans. org )

ISC Handler
Mar 21st 2006
