Infected PHP PEAR reverse shell
Emad R last edited by Emad R
If you installed PEAR PHP in the last 6 months, you may be infected
IT seems if you installed from default repos, your safe, but using site version your not
PEAR developers promised a more detailed incident post-mortem when this operation concludes.
In the meantime, earlier today, the PHP PEAR team also released PEAR v1.10.10, a new PEAR release, which is identical with the previous release v1.10.9, but which the PHP PEAR team uploaded on GitHub to give it a new timestamp and signal that it's a clean version that webmasters can install without fear of downloading a potentially backdoored release
UPDATE, January 23: In a series of tweets following the publication of this article, the PEAR team has published more details about its recent security breach. The tweets are embedded below:
In addition, the team at DCSO has also analyzed the malicious backdoor, and confirmed the findings of the PEAR team that it drops a reverse shell on infected hosts, allowing attackers to connect to web servers running a tainted PEAR package.
Guys I need to be able to download this infected PHP pear how to do so ?? I need to test security scanners for linux