oss-sec mailing list archives

Re: OpenX Ad Server Backdoor CVE?


From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 06 Aug 2013 23:16:19 -0600


On 08/06/2013 06:10 PM, Nathan March wrote:
> On 8/6/2013 4:52 PM, Kurt Seifried wrote:
>> According to a post by Heise Security, a backdoor has been
>> spotted in the popular open source ad software OpenX [1][2].
>> Apparently the backdoor has been present since at least November
>> 2012. I tried to download the source to verify the information,
>> but it appears the files have been removed.
>
> I can confirm this is in 2.8.10 that was downloaded on July 15th.
> It's inside the /etc/plugins/openXVideoAds.zip at
> ./plugins/deliveryLog/vastServeVideoPlayer/flowplayer/3.1.1/flowplayer-3.1.1.min.js
>
> md5sum on the zip matches 6b3459f16238aa717f379565650cb0cf
>
> - Nathan


Please use CVE-2013-4211 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
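
A check an administrator could run against the details reported in the message above. This is an added example, not part of the original thread: the function names and the directory passed to scan_tree are assumptions, while the digest, archive name and member path are the ones quoted in the message. A file at that member path may also exist in archives that do not match the reported digest, so the member hash is returned only to let copies be compared and reviewed.

```python
import hashlib
import os
import posixpath
import zipfile

# Values quoted in the message above.
REPORTED_ZIP_MD5 = "6b3459f16238aa717f379565650cb0cf"
REPORTED_ZIP_NAME = "openXVideoAds.zip"
REPORTED_MEMBER = ("plugins/deliveryLog/vastServeVideoPlayer/"
                   "flowplayer/3.1.1/flowplayer-3.1.1.min.js")


def md5_of(path, chunk=1 << 20):
    """Stream the file so a large archive is never held in memory whole."""
    digest = hashlib.md5()  # MD5 only because the report gives an MD5
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def check_zip(path, bad_md5=REPORTED_ZIP_MD5, member=REPORTED_MEMBER):
    """Compare one archive against the reported digest and member path."""
    result = {"path": path, "md5": md5_of(path), "member_md5": None,
              "error": None}
    result["md5_matches_report"] = result["md5"] == bad_md5.lower()
    try:
        with zipfile.ZipFile(path) as zf:
            for name in zf.namelist():
                # Entries may be stored as "./plugins/..." or "plugins/...".
                if posixpath.normpath(name) == posixpath.normpath(member):
                    # Hash the member so differing copies can be compared.
                    result["member_md5"] = hashlib.md5(zf.read(name)).hexdigest()
                    break
    except zipfile.BadZipFile:
        result["error"] = "not a readable zip archive"
    return result


def scan_tree(root, **kwargs):
    """Check every file named openXVideoAds.zip below root (assumed path)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        if REPORTED_ZIP_NAME in files:
            hits.append(check_zip(os.path.join(dirpath, REPORTED_ZIP_NAME),
                                  **kwargs))
    return hits
```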

