[Pkg-mediawiki-devel] Bug#776323: mediawiki: Suspicious mails sent via var/lib/mediawiki/images/shwso.php

Mon Jan 26 20:24:14 UTC 2015

Package: mediawiki
Version: 1:1.19.20+dfsg-0+deb7u3
Severity: normal

Dear Maintainer,

Today I started getting delivery failures from a server about mails sent by
the www-data user. I've added a small script to find out what is sending
them. It returned this:

/var/lib/mediawiki/images/shwso.php(7) : eval()'d code(1) : eval()'d code(1)
/: eval()'d code(10) : eval()'d code(2) : regexp code(1) : eval()'d
/code(501) : eval()'d code:77

I'm not sure what to make of it, and I must say I know very little about
mediawiki, but it looks a little like there is some sort of vulnerablity
being exploited (at least to my untrained eyes..)

-- System Information:
Debian Release: 7.8
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-042stab092.3 (SMP w/2 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8) (ignored: LC_ALL set to de_DE.utf8)
Shell: /bin/sh linked to /bin/dash

Versions of packages mediawiki depends on:
ii  apache2-mpm-prefork [httpd]  2.2.22-13+deb7u4
ii  debconf [debconf-2.0]        1.5.49
ii  libjs-jquery                 1.7.2+dfsg-1
ii  libjs-jquery-cookie          6-1
ii  libjs-jquery-form            6-1
ii  libjs-jquery-tipsy           6-1
ii  mime-support                 3.52-1+deb7u1
ii  nginx-full [httpd]           1.2.1-2.2+wheezy3
ii  php5                         5.4.36-0+deb7u3
ii  php5-mysql                   5.4.36-0+deb7u3
ii  php5-sqlite                  5.4.36-0+deb7u3

Versions of packages mediawiki recommends:
ii  mediawiki-extensions-base  3.5~deb7u2
ii  mysql-server               5.5.41-0+wheezy1
ii  php-wikidiff2              0.0.1+svn109581-1
ii  php5-cli                   5.4.36-0+deb7u3
ii  python                     2.7.3-4+deb7u1

Versions of packages mediawiki suggests:
pn  clamav          <none>
ii  imagemagick     8:6.7.7.10-5+deb7u3
ii  mediawiki-math  2:1.0+git20120528-6
ii  memcached       1.4.13-0.2+deb7u1
ii  php5-gd         5.4.36-0+deb7u3

-- debconf information:
  mediawiki/webserver: apache2