Does 2.2.6 address this backdoor?

tontoOz

Evidently there is a backdoor to pfSense:

https://github.com/chadillac/pfsense_xmlrpc_backdoor

Does pfSense 2.2.6 address this and how much of a problem is it?

Gertjan

Can't make this work ….  ;)

Back then (April 2015) we had also (the same) http://seclist.us/pfsense_xmlrpc_backdoor-a-php-backdoor-on-a-pfsense-firewall-over-xmlrpc-php.html

Also https://www.youtube.com/playlist?list=PL7j48fGjKnxT9DYFlN248E6HEQ4NErY9q

/usr/local/www/ignore.php
wasn't created.

Anyway : start here : https://forum.pfsense.org/index.php?topic=71015.0 (more threads exists)

cmb

That's not a "backdoor" or even a vulnerability, it was named by a moron.

It's using administrative functions of the system, post-authentication as a root-level user, to copy files to the system. It can be summarized as "I can root your box, just give me your root password." Uh huh, you can. With every OS ever created. When you're authenticated with full administrative credentials, there is no limit to what you can do, whether pfSense or Windows or Linux or BSD or anything else.