mailing list archives
Re: Possible apache2/php 4.3.9 worm
From: Paul Schmehl <pauls () utdallas edu>
Date: Tue, 21 Dec 2004 11:27:54 -0600
--On Tuesday, December 21, 2004 07:32:20 AM -0800 Alex Schultz
<aschultz () echo-inc com> wrote:
Some of the sites I administer were alledgedly hit by a worm last night.
It overwrote all .php/.html files that were owner writable and owned by
We were running apache 2.0.52 and php 4.3.9. Have any of you encounted
php 4.3.9 has several serious security flaws in it. (See here for more
info - <http://www.php.net/release_4_3_10.php>). You should have upgrade
it ASAP. That's most likely how the script altered the files.
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
Full-Disclosure - We believe in it.
Re: Possible apache2/php 4.3.9 worm Juan Carlos Navea (Dec 22)