[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Possible apache2/php 4.3.9 worm

To: Alex Schultz <aschultz@xxxxxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] Possible apache2/php 4.3.9 worm
From: Paul Schmehl <pauls@xxxxxxxxxxxx>
Date: Tue, 21 Dec 2004 11:27:54 -0600

--On Tuesday, December 21, 2004 07:32:20 AM -0800 Alex Schultz <aschultz@xxxxxxxxxxxx> wrote:

Some of the sites I administer were alledgedly hit by a worm last night.
It overwrote all .php/.html files that were owner writable and owned by
apache.

We were running apache 2.0.52 and php 4.3.9. Have any of you encounted
this before?

php 4.3.9 has several serious security flaws in it. (See here for more info - <http://www.php.net/release_4_3_10.php>). You should have upgrade it ASAP. That's most likely how the script altered the files.

Paul Schmehl (pauls@xxxxxxxxxxxx)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Possible apache2/php 4.3.9 worm
  - From: Alex Schultz

Prev by Date: [Full-Disclosure] hijack_apache-0.1a beta
Next by Date: [Full-Disclosure] Re: Linux kernel IGMP vulnerabilities
Previous by thread: Re: [Full-Disclosure] Possible apache2/php 4.3.9 worm
Next by thread: Re: [Full-Disclosure] Possible apache2/php 4.3.9 worm
Index(es):
- Date
- Thread