Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Possible apache2/php 4.3.9 worm
From: Paul Schmehl <pauls () utdallas edu>
Date: Tue, 21 Dec 2004 11:27:54 -0600

--On Tuesday, December 21, 2004 07:32:20 AM -0800 Alex Schultz <aschultz () echo-inc com> wrote:

Some of the sites I administer were alledgedly hit by a worm last night.
It overwrote all .php/.html files that were owner writable and owned by
apache.

We were running apache 2.0.52 and php 4.3.9. Have any of you encounted
this before?

php 4.3.9 has several serious security flaws in it. (See here for more info - <http://www.php.net/release_4_3_10.php>). You should have upgrade it ASAP. That's most likely how the script altered the files.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]