Joomla Vulnerability
VUIT Security Notice: Vulnerability found in Joomla, patch immediately
Vanderbilt IT would like to bring the following information to the technical community’s attention, especially those who use Joomla.
A zero-day remote code execution vulnerability was identified in Joomla versions 1.5 to 3.4. The security vulnerability has been identified as critical because it can be exploited remotely and can potentially allow the attacker to take control of the affected machine. In turn, this grants the attacker access to other systems within the network.
It is imperative that Joomla users patch and upgrade accordingly as soon as possible:
- Users of the 3.x branch should update to 3.4.6 at
https://www.joomla.org/announcements/release-news/5641-joomla-3-4-6-released.html. - Users of end-of-life versions 1.5 and 2.5 should install a security hot fix at https://www.ostraining.com/blog/joomla/hotfixes/.
If you suspect that your system was targeted as a result of this vulnerability, contact VUIT Incident Response at VUIT.Incident.Response@vanderbilt.edu.
VUIT will continue to monitor this vulnerability closely. The team is waiting for vendors before instituting detection capability for possible exploits of this vulnerability and transitioning into prevention mode.
For more information, please contact VUIT Security Operations at vuit.incident.response@vanderbilt.edu.
Sources and References:
https://threatpost.com/attacks-ramp-up-against-joomla-zero-day/115638/
https://blog.sucuri.net/2015/12/joomla-remote-code-execution-the-details.htm
https://blog.sucuri.net/2015/12/remote-command-execution-vulnerability-in-joomla.html
https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
http://arstechnica.com/security/2015/12/hackers-actively-exploit-critical-vulnerability-in-sites-running-joomla/