New Worm Targets Linux and PHP
Skip | 09 November, 2005 14:40
A new worm that propagates by exploiting security vulnerabilities in
Web server software is attacking Linux systems, antivirus companies
warned on Monday, according to news.com.
The worm spreads by exploiting Web servers that host susceptible scripts at specific locations, according to antivirus software maker McAfee, which has named the worm "Lupper."
Lupper blindly attacks Web servers, installing and executing a copy of the worm when a vulnerable server is found, McAfee said in its description of the worm which you can read about here:
http://vil.nai.com/vil/content/v_136821.htm
Through this script, a backdoor system is installed on infected servers, giving the attacker remote control over the system. The Linux / PHP server joins a network of compromised systems, which can be used, for example, in attacks against other computers, according to McAfee.
The worm exploits three vulnerabilities to propagate: the XML-RPC for PHP Remote Code Injection vulnerability; AWStats Rawlog Plugin Logfile Parameter Input Validation vulnerability; and Darryl Burgdorf's Webhints Remote Command Execution Vulnerability, according to Symantec's online description of the worm, which can be read here:
http://www.symantec.com/avcenter/venc/data/linux.plupii.html
The XML-RPC hole affects blogs, wiki's and content management software systems. Patches are available for most affected systems, so go to your main vendor website to look for an update or patch. AWStats is a log analyzer tool; a fix for the flaw has been available since February. Darryl Burgdorf's Webhints is a hint generation script; no fixes are available for the script at the time of this posting.
The worm spreads by exploiting Web servers that host susceptible scripts at specific locations, according to antivirus software maker McAfee, which has named the worm "Lupper."
Lupper blindly attacks Web servers, installing and executing a copy of the worm when a vulnerable server is found, McAfee said in its description of the worm which you can read about here:
http://vil.nai.com/vil/content/v_136821.htm
Through this script, a backdoor system is installed on infected servers, giving the attacker remote control over the system. The Linux / PHP server joins a network of compromised systems, which can be used, for example, in attacks against other computers, according to McAfee.
The worm exploits three vulnerabilities to propagate: the XML-RPC for PHP Remote Code Injection vulnerability; AWStats Rawlog Plugin Logfile Parameter Input Validation vulnerability; and Darryl Burgdorf's Webhints Remote Command Execution Vulnerability, according to Symantec's online description of the worm, which can be read here:
http://www.symantec.com/avcenter/venc/data/linux.plupii.html
The XML-RPC hole affects blogs, wiki's and content management software systems. Patches are available for most affected systems, so go to your main vendor website to look for an update or patch. AWStats is a log analyzer tool; a fix for the flaw has been available since February. Darryl Burgdorf's Webhints is a hint generation script; no fixes are available for the script at the time of this posting.
Comments for post
Menu
calendar
| « | October 2008 | » | ||||
|---|---|---|---|---|---|---|
| Su | Mo | Tu | We | Th | Fr | Sa |
| 1 | 2 | 3 | 4 | |||
| 5 | 6 | 7 | 8 | 9 | 10 | 11 |
| 12 | 13 | 14 | 15 | 16 | 17 | 18 |
| 19 | 20 | 21 | 22 | 23 | 24 | 25 |
| 26 | 27 | 28 | 29 | 30 | 31 | |
RSS Feed