We'd like to remind all admins about the latest advisory, PNSA 2005-3 - "Remote Code Injection via XML RPC (third party library used in PostNuke CMS < .760)". If you have not already done so, please follow its instructions ASAP, because there are already a couple of defacement reports.
Admins are also advised to use only the latest release builds (.750b for production and .760 RC5 for testing environments) and to check third party modules for security related issues - e.g. SPChat and PNphpBB have also been targeted lately (check the maintainers' sites for more information on this).
For some extra security the PostNuke Development Team additionally recommends running the webserver with register_globals=off and magic_quotes_gpc=on (see our Developer Blog for more information on this).
The following was posted on June 29th in PNSA 2005-3:
DESCRIPTION
PostNuke CMS is an open source, open development content management system (CMS). PostNuke CMS started as a fork from PHPNuke and provides many enhancements and improvements over the PHP-Nuke system.
PostNuke CMS is still undergoing development but a large number of core functions are now stabilising and a complete API for third-party developers (including ADODB database abstraction and Smarty templating) is in place.
The PostNuke CMS Development Team was notified about a security issue within the current .750 stable package and the .760 development tree.
VULNERABILITIES
- remote code injection via the XML RPC library
SOLUTION
It is recommended that all admins deactivate and remove the 'xmlrpc' module within administration-modules and additionally remove /xmlrpc.php and the /modules/xmlrpc folder completely from the filesystem.
Andreas Krapohl [larsneo]
PostNuke CMS Development Team
Important security information about PostNuke is also announced via the Security Mailing List - all site administrators are encouraged to subscribe.
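As an added example (not code from the PostNuke project or from the advisory), a POSIX shell script that checks whether the remediation above has actually been applied: that xmlrpc.php and modules/xmlrpc are gone from the document root, and that the php.ini in use carries the recommended register_globals and magic_quotes_gpc settings. The document-root and php.ini paths are assumed inputs supplied by the caller.

```shell
#!/bin/sh
# Added verification script for the PNSA 2005-3 remediation (not from the
# PostNuke project). Assumptions: check_xmlrpc_removed takes the PostNuke
# document root, check_php_ini takes the php.ini the webserver actually
# loads; both paths are hypothetical and supplied by the caller.

# Return 0 when neither /xmlrpc.php nor /modules/xmlrpc remain under the
# document root; print each leftover and return 1 otherwise.
check_xmlrpc_removed() {
    docroot="$1"
    leftovers=0
    for path in "$docroot/xmlrpc.php" "$docroot/modules/xmlrpc"; do
        if [ -e "$path" ]; then
            echo "STILL PRESENT: $path"
            leftovers=1
        fi
    done
    return "$leftovers"
}

# Print the effective (last) value of directive $2 in php.ini $1, lower-cased
# and with inline ';' comments stripped; print nothing if it is not set.
ini_value() {
    grep -iE "^[[:space:]]*$2[[:space:]]*=" "$1" | tail -n 1 \
        | cut -d ';' -f 1 | cut -d = -f 2 | tr -d '[:space:]' | tr 'A-Z' 'a-z'
}

# Return 0 when php.ini carries register_globals=Off and magic_quotes_gpc=On
# as recommended above; report each deviation and return 1 otherwise.
check_php_ini() {
    ini="$1"
    status=0
    rg=$(ini_value "$ini" register_globals)
    mq=$(ini_value "$ini" magic_quotes_gpc)
    case "$rg" in
        off|0|false|no) ;;
        *) echo "register_globals is '${rg:-unset}', expected Off"; status=1 ;;
    esac
    case "$mq" in
        on|1|true|yes) ;;
        *) echo "magic_quotes_gpc is '${mq:-unset}', expected On"; status=1 ;;
    esac
    return "$status"
}

# Example invocation (hypothetical paths):
#   check_xmlrpc_removed /var/www/postnuke && check_php_ini /etc/php.ini
```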
Posted by larsneo on Tuesday, August 16, 2005
