OpenX releases malvertising backdoor fix

By

Says paid offerings unaffected.

The open source product contained remote PHP code execution vulnerabilities in the zip, tgz and bz2 archives of the software. 

OpenX releases malvertising backdoor fix
OpenX has released a new version of its advertising server software to close backdoors used to deliver malvertising.

The mandatory fix was delivered in version 2.8.11 of OpenX Source.

OpenX, which counts the New York Post, Coca Cola, CBS Interactive and EA among its customers, said its paid offerings were not affected.

"Recently we became aware of a security issue ... whereby the binary distribution of v. 2.8.10 was compromised, and two of the files were replaced with two new modified files that contained a remote code execution vulnerability," senior application security engineer Nick Soracco said in a statement.

"This vulnerability only applies to the free downloadable open source product, OpenX Source.

"We are taking this opportunity to remind the OpenX Source community that it’s critical to the safe maintenance and operation of any software that you not only maintain a current version of the software, but also take steps to regularly audit accounts that have access to your system."

He encouraged users to report possible further security flaws to the company.

The company said in an advisory that the following commands should be run within the top level OpenX directory to determine if the compromised release was installed.

md5sum \

plugins/deliveryLog/vastServeVideoPlayer/flowplayer/3.1.1/flowplayer-3.1.1.min.js \

plugins/deliveryLog/vastServeVideoPlayer/player.delivery.php \

lib/max/Delivery/common.php

The code below indicates the compromised application:

558c80e601fb996e5f6bbc99a9ee0051 plugins/deliveryLog/vastServeVideoPlayer/flowplayer/3.1.1/flowplayer-3.1.1.min.js

fa4991d5fd3bf4a947b6ab0b15ce10b2  plugins/deliveryLog/vastServeVideoPlayer/player.delivery.php

5014c31b479094c0b32221ae1f1473ac  lib/max/Delivery/common.php

The substring below within log files indicates that the backdoor was under active exploitation:

fc.php?script=deliveryLog:vastServeVideoPlayer:player&file_to_serve=flowplayer/3.1.1/flowplayer-3.1.1.min.js

The remote PHP code comes in as a POST parameter and was not seen in server logs by default.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:
advertisingbackdoormalvertisingpatchingsecurityvulnerabilities

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?