=====================================================================
CERT-Renater Information Note No. 2010/VULN543
_____________________________________________________________________
DATE                 : 16/12/2010
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : Systems running phpMyFAQ versions 2.6.11, 2.6.12.
======================================================================

http://www.phpmyfaq.de/advisory_2010-12-15.php
______________________________________________________________________

phpMyFAQ Security Advisory
phpmyfaq.de compromised

Issued on: 2010-12-15
Software : phpMyFAQ > 2.6.10
Risk     : Critical
Platforms: all

The main server of the phpMyFAQ project was compromised in an attack, allowing a rogue version of the phpMyFAQ software to be uploaded and distributed from December 4th until December 15th. The affected versions were phpMyFAQ 2.6.11 and 2.6.12, both the zip and the tar.gz packages. The attacker also changed the MD5 files, so a checksum downloaded from the same server did not reveal the tampering.

Description

The attacker added a backdoor to the file inc/Faq.php in the method getTopTen(). The code was base64 encoded; when executed it first sent an e-mail to a GMail address and then added an entry to the faqconfig table. Through that entry the backdoor allowed arbitrary PHP code to be included and executed.

Solution

The phpMyFAQ team will release a new, clean phpMyFAQ version 2.6.13. All users of the affected phpMyFAQ versions are encouraged to upgrade to this latest version as soon as possible.

Workaround

If you use phpMyFAQ 2.6.11 or phpMyFAQ 2.6.12 downloaded between December 4th and December 15th, you should replace the file inc/Faq.php with a clean copy as soon as possible, and check the faqconfig table for the entry the backdoor added.

Credits

n/a.
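The note describes the backdoor only in general terms: a base64-encoded payload inside inc/Faq.php that is decoded and executed, in a package whose MD5 files were altered on the same server. The script below is an added example written for this page, not code from CERT-Renater or the phpMyFAQ project. It does two things a practitioner would want after reading the advisory: it scans a PHP tree for the generic construct "base64_decode() fed to eval()/include()" and decodes any long base64 literal it finds, and it compares the tree against a manifest of SHA-256 hashes obtained out of band, which is the only way a checksum helps when the download server itself is compromised. The detection rules, the sample files and the payload are constructed for illustration and are not the signature of the real 2010 payload.

```python
"""Added example: scan a phpMyFAQ-style tree for base64-decoded code execution
and diff it against an out-of-band hash manifest. Rules and samples are constructed."""
import base64
import hashlib
import os
import re
import tempfile

# Generic heuristics for "data becomes code"; not the text of the real backdoor.
RULES = {
    "eval-of-base64": re.compile(r"\beval\s*\(\s*base64_decode\s*\(", re.I),
    "include-of-base64": re.compile(
        r"\b(?:include|require)(?:_once)?\s*\(?\s*base64_decode\s*\(", re.I),
}
# A long base64 string literal passed straight to base64_decode().
B64_LITERAL = re.compile(r"base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=\s]{32,})['\"]")


def decoded_literals(source):
    """Decode every long base64 literal handed to base64_decode() in `source`."""
    out = []
    for m in B64_LITERAL.finditer(source):
        raw = re.sub(r"\s+", "", m.group(1))
        try:
            out.append(base64.b64decode(raw, validate=True).decode("utf-8", "replace"))
        except ValueError:  # binascii.Error is a ValueError; skip non-base64 text
            continue
    return out


def scan_file(path):
    """Return [(line_number, rule_name, decoded_payload_or_None)] for one file."""
    findings = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        lines = fh.read().splitlines()
    for lineno, line in enumerate(lines, 1):
        for name, rx in RULES.items():
            if rx.search(line):
                decoded = decoded_literals(line)
                findings.append((lineno, name, decoded[0] if decoded else None))
    return findings


def scan_tree(root):
    """Scan every .php file under root; map relative path -> findings for files with hits."""
    hits = {}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if fn.endswith(".php"):
                full = os.path.join(dirpath, fn)
                found = scan_file(full)
                if found:
                    hits[os.path.relpath(full, root).replace(os.sep, "/")] = found
    return hits


def sha256_tree(root):
    """Map relative path -> SHA-256 hex digest for every file under root."""
    digests = {}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            full = os.path.join(dirpath, fn)
            with open(full, "rb") as fh:
                digests[os.path.relpath(full, root).replace(os.sep, "/")] = \
                    hashlib.sha256(fh.read()).hexdigest()
    return digests


def diff_against_manifest(root, manifest):
    """Compare a tree with a {relpath: sha256} manifest fetched out of band.
    Returns (modified, missing, extra), each a sorted list of relative paths."""
    actual = sha256_tree(root)
    modified = sorted(p for p in manifest if p in actual and actual[p] != manifest[p])
    missing = sorted(p for p in manifest if p not in actual)
    extra = sorted(p for p in actual if p not in manifest)
    return modified, missing, extra


def sha256_text(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


# Constructed stand-ins for a clean and a backdoored inc/Faq.php (hypothetical class body).
CLEAN_FAQ = """<?php
class PMF_Faq {
    public function getTopTen($language = null) {
        // constructed stand-in for the real method body
        return array();
    }
}
"""
CLEAN_INDEX = "<?php\nrequire 'inc/Faq.php';\n"
PAYLOAD = base64.b64encode(b"echo 'constructed sample payload';").decode("ascii")
BACKDOORED_FAQ = CLEAN_FAQ.replace(
    "return array();", "eval(base64_decode('%s'));\n        return array();" % PAYLOAD)


def build_sample_tree():
    """Write the constructed install (clean index.php, backdoored inc/Faq.php); return its root."""
    root = tempfile.mkdtemp(prefix="pmf-")
    os.makedirs(os.path.join(root, "inc"))
    with open(os.path.join(root, "index.php"), "w", encoding="utf-8") as fh:
        fh.write(CLEAN_INDEX)
    with open(os.path.join(root, "inc", "Faq.php"), "w", encoding="utf-8") as fh:
        fh.write(BACKDOORED_FAQ)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    for path, findings in scan_tree(root).items():
        for lineno, rule, payload in findings:
            print("%s:%d %s -> %r" % (path, lineno, rule, payload))
    manifest = {"index.php": sha256_text(CLEAN_INDEX), "inc/Faq.php": sha256_text(CLEAN_FAQ)}
    print("modified/missing/extra:", diff_against_manifest(root, manifest))
```

On a real install the manifest should be built from a package fetched from a different channel than the one you suspect (a mirror, a release signature, or a copy you archived earlier), otherwise it inherits the same problem as the altered MD5 files. The regex rules are deliberately narrow; a payload split across lines or hidden behind variable functions will evade them, so treat a clean scan as weaker evidence than a clean manifest diff.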
======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER           | tel  : 01-53-94-20-44 +
+ 23 - 25 Rue Daviel     | fax  : 01-53-94-20-41 +
+ 75013 Paris            | email: certsvp@renater.fr +
=========================================================