> Affected systems will need to be wiped and have the OS > reinstalled, in most cases. um, this would be affected systems that didnt know how to set their web server permissions correctly i assume? you think that any decent install would do that... ill check the gentoo tonight (which would probably have been patched a long time ago anyway), but it doesnt seem to make a whole lot of sense to me. I mean come on, you dont have to reinstall an os to do this stuff... thats crazy talk. This is unix, man, there isnt a registry to screw up... just reinstall the frigging webserver if you have to. On 11/8/05, Kevin wrote: > > Just noticed this on securityfocus.com. Thought I would share it with > the group. > > http://securityfocus.com/brief/38 > > A new Linux worm is crawling the web looking for a large number of > vulnerable PHP systems and applications. The worm, known as Linux.Plupii > (Symantec) or Linux/Lupper.worm (McAfee), is rated as a Category 2 worm > by Symantec, while McAfee considers the risk "low." The worm installs a > Trojan using wget and the attack allows for arbitrary code execution > under the privileges of the web server user. > > The worm exploits PHP based vulnerabilities discovered back in June, and > affects a large number of PHP web applications that use XML-RPC. The > Trojan makes simple requests to web servers running on port 80 and the > attack has been well documented by SANS. Unpatched systems are ripe for > exploitation. Affected systems will need to be wiped and have the OS > reinstalled, in most cases. > > The report comes on the heels of a new PHP release that addresses more > security issues. Readers are also reminded of the Perl-based Santy worm > and its variants as an indication that web-based worms that target Linux > and Unix applications are becoming much more commonplace. > > ...Kevin > > > > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change you mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change you mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss