--- James Kosin <jkosin@xxxxxxxxxxxxxxxxxx> wrote:

> Antonio Olivares wrote:
>
> > Dear List,
> > A strange worm is going around the web. It attacks
> > some vulnerabilities in PHP.
> >
> > From
> > http://www.securityfocus.com/brief/38?ref=rss
> >
> > cut+paste here
> > =====================================================
> > A new Linux worm is crawling the web looking for a
> > large number of vulnerable PHP systems and
> > applications. The worm, known as Linux.Plupii
> > (Symantec) or Linux/Lupper.worm (McAfee), is rated as
> > a Category 2 worm by Symantec, while McAfee considers
> > the risk "low." The worm installs a Trojan using wget
> > and the attack allows for arbitrary code execution
> > under the privileges of the web server user.
> >
> > The worm exploits PHP based vulnerabilities
> > discovered back in June, and affects a large number of
> > PHP web applications that use XML-RPC. The Trojan
> > makes simple requests to web servers running on port
> > 80 and the attack has been well documented by SANS.
> > Unpatched systems are ripe for exploitation. Affected
> > systems will need to be wiped and have the OS
> > reinstalled, in most cases.
> >
> > The report comes on the heels of a new PHP release
> > that addresses more security issues. Readers are also
> > reminded of the Perl-based Santy worm and its variants
> > as an indication that web-based worms that target
> > Linux and Unix applications are becoming much more
> > commonplace.
> >
> > =====================================================
> >
> > What can we do to escape the threat of this worm?
> > Does it need root privilege? I am asking this
> > because it is an imminent danger and how to secure our
> > pcs.
> >
> > Thanks,
> >
> > Antonio
>
> I wouldn't overreact...
>
> I believe this has been taken care of some time ago. FC1 doesn't have
> the exploit and I'm sure FC4 definitely does not.
>
> Safeguards:
> ------------
> (1) Unless the PC is a server; disable the httpd service.
> (2) Check the PC for the files they are trying to access commonly.
>     If the php files are not there they can't affect your system.
> (3) Keep your packages updated. If not posted to bugzilla try
>     posting this there. Security issues are important if not noticed and
>     acted upon.
>
> Thanks,
> James Kosin

Thanks for responding. In the vulnerable systems Fedora Core 1 - 4 were the ones with the vulnerability according to the website. Nonetheless, your advice is great and I appreciate it. I am not overreacting. I also believe that this is another effort by the Antivirus companies to earn more prospects and get some business.

Best Regards,

Antonio
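Safeguard (2) from the quoted reply can be checked mechanically. The following is an added example, not part of the original thread: it collects the PHP paths that clients requested in a web server access log and reports which of them actually exist under the document root. The log lines, the paths in them, and the function names are constructed for illustration; the thread does not name the files the worm requests.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlsplit, unquote

# Request part of a common/combined-format access log line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation addresses, made-up paths).
SAMPLE_LOG = """\
192.0.2.10 - - [07/Nov/2005:10:01:02 +0000] "POST /blog/xmlrpc.php HTTP/1.0" 200 512
192.0.2.10 - - [07/Nov/2005:10:01:03 +0000] "POST /xmlrpc.php HTTP/1.0" 404 289
192.0.2.11 - - [07/Nov/2005:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 1043
192.0.2.12 - - [07/Nov/2005:10:06:00 +0000] "POST /../../etc/passwd.php HTTP/1.0" 400 0
"""

def requested_php_paths(log_text):
    """Return the set of URL paths ending in .php that clients requested."""
    paths = set()
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        path = unquote(urlsplit(m.group("target")).path)
        if path.lower().endswith(".php"):
            paths.add(path)
    return paths

def present_on_disk(paths, docroot):
    """Return the requested paths that map to a real file inside docroot."""
    root = Path(docroot).resolve()
    found = []
    for p in sorted(paths):
        candidate = (root / p.lstrip("/")).resolve()
        # Ignore anything that resolves outside the document root.
        if root in candidate.parents and candidate.is_file():
            found.append(p)
    return found

if __name__ == "__main__":
    # Constructed document root with one XML-RPC endpoint installed.
    with tempfile.TemporaryDirectory() as docroot:
        (Path(docroot) / "blog").mkdir()
        (Path(docroot) / "blog" / "xmlrpc.php").write_text("<?php // placeholder ?>")
        for path in present_on_disk(requested_php_paths(SAMPLE_LOG), docroot):
            print("requested and present:", path)
```

Any path this reports is a file that is both being requested and installed, so it is the place to start when applying safeguard (3) or removing the application.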