A security advisory issued by Drupal assumes that every installation of the popular CMS based in the version 7.x was compromised unless patched.

Earlier this month, Drupal patched a critical SQL injection vulnerability (CVE-2014-3704) that exists in all Drupal core 7.x versions up to the recently-released 7.32 version, which fixed the issue.

There is an emergency in the Drupal community, earlier this month Drupal issued a patch to fix a critical SQL injection vulnerability (CVE-2014-3704) that affects the core of the 7.x versions. Exploiting the flaw an attacker may do a dump of the database used by the targeted website, without needing an account or tricking a user into exposing credentials.

The worrying news is that the attackers may have created backdoor in the system which could allow them to control the target and compromise other services on the server.

Security experts confirmed that websites based on the popular CMS are under attacks, cyber criminals and hackers are beginning using automated tools to scan and exploit the flaw to compromise the targets. The Development Team at Drupal confirmed that the attacks started within hours of the public disclosure of the vulnerability occurred on October 15th.

Drupal is warning that users to carefully inspect their systems, even if they have applied the patch, because already compromised website are exposed to serious risks.

“Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 – Drupal core – SQL injection. You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement.”the Drupal Security Team wrote in a security advisory. “You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement,”.

In case the site owners suspect that their application has been compromised, it is suggested to restore the website from a clean backup or rebuild the site from scratch.

“While recovery without restoring from backup may be possible, this is not advised because backdoors can be extremely difficult to find,” the advisory cautioned. “The recommendation is to restore from backup or rebuild from scratch.” states Drupal.

Drupal has anyway issued a documentation related to the response procedure in case the system is hacked.

Content management system are privileged targets for cybercriminals that could use automated scanning tool and exploits available in the underground.Due to the level of diffusion also the US-CERT has issued a security advisory on the vulnerability.

d1

Don’t waste time, patch your Drupal installation and verify that it is not compromised.

Pierluigi Paganini