PCI scan failed: Limbo CMS arbitrary command execution on LSWS console port

#1
For the past 7 or 8 weeks our PCI scanning service has been warning us of a vulnerability on the port we use for our web console listener:

A remote attacker could execute arbitrary commands, create or overwrite files, or view files or directories on the web server.

In addition to hosting HTML pages, most web servers host programs or applications, which perform various functions, possibly including content management, discussion forums, or access to a database system. These programs process input provided by a client through a web browser. Input is normally entered by the user into an HTML form, but can also be entered directly using a URL such as http://server/index.php?input=data.

The Limbo CMS vulnerabilities were posted to Bugtraq ID 16902 (http://www.securityfocus.com/bid/16902).

Information from Target:

Service: xxxx:TCP
Sent: GET /index.php?option=frontpage&Itemid=system(id) HTTP/1.0
Host: www.xxxxxxxxxxx.com:xxxx
User-Agent: Mozilla/4.0
Connection: Keep-alive

Received: Set-Cookie: lsws_uid=a; expires=Mon, 12 Apr 2010 10:34:57 GMT; path=/

Any suggestions on how we can resolve this to maintain PCI-compliance?
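One thing a practitioner would want before deciding whether the scanner's finding is real is to see how often requests like the quoted probe (`Itemid=system(id)`) actually reach the listener and what status they get. The following is an added example, not part of the original post or of the scanner's output: a small Python log scanner that parses access-log lines in the common "combined" format, percent-decodes each query parameter, and flags values that contain PHP-style command-execution calls. The log lines, IP addresses and timestamps are constructed for the example; the first line simply reproduces the request quoted above, the third shows the same probe percent-encoded.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed access-log lines in Apache/LiteSpeed "combined" format (not real traffic).
# Line 1 mirrors the probe quoted in the scan report; line 2 is a benign request;
# line 3 is the same kind of probe with the value percent-encoded.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Apr/2010:10:34:57 +0000] "GET /index.php?option=frontpage&Itemid=system(id) HTTP/1.0" 200 512 "-" "Mozilla/4.0"
198.51.100.7 - - [12/Apr/2010:10:35:01 +0000] "GET /index.php?option=frontpage&Itemid=1 HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Apr/2010:10:35:02 +0000] "GET /index.php?option=com_content&Itemid=%73ystem%28whoami%29 HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
"""

# Combined log format: client, ident, user, [timestamp], "METHOD target PROTO", status, size, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# PHP-style command/code execution calls that have no business in a CMS item id.
INJECTION_RE = re.compile(
    r'\b(system|exec|passthru|shell_exec|popen|eval)\s*\(', re.IGNORECASE
)


def parse_line(line):
    """Split one combined-format log line into its fields and decoded query parameters."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    # parse_qsl percent-decodes values once (so %73ystem%28 becomes system( ).
    rec["params"] = parse_qsl(parts.query, keep_blank_values=True)
    return rec


def find_injection_attempts(log_text):
    """Return one record per query parameter whose value looks like a code-execution call."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        for name, value in rec["params"]:
            # Decode a second time to also catch double-encoded payloads.
            decoded = unquote(value)
            if INJECTION_RE.search(decoded):
                hits.append({
                    "ip": rec["ip"],
                    "ts": rec["ts"],
                    "path": rec["path"],
                    "param": name,
                    "value": decoded,
                    "status": int(rec["status"]),
                })
    return hits


def summarize_by_source(hits):
    """Count flagged requests per client address, for a quick triage view."""
    counts = {}
    for h in hits:
        counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    for h in find_injection_attempts(SAMPLE_LOG):
        print(f"{h['ts']} {h['ip']} {h['path']} {h['param']}={h['value']!r} -> {h['status']}")
    print(summarize_by_source(find_injection_attempts(SAMPLE_LOG)))
```

Run it against the real access log of the console listener instead of `SAMPLE_LOG` to see whether the only source of such requests is the scanning service itself. A flagged request is only evidence that a probe arrived; whether it did anything is a separate question, and a response consisting of nothing but a `Set-Cookie` header, as in the quoted scan output, is consistent with the request never having been handed to a Limbo script at all.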
 
#3
Nessus found an abandoned Joomla template that must have used LimboCMS for something. No idea why it was on the server listener port.

Thank you!
 