Full Disclosure mailing list archives
Re: Possible apache2/php 4.3.9 worm
From: Paul Schmehl <pauls () utdallas edu>
Date: Tue, 21 Dec 2004 11:27:54 -0600
--On Tuesday, December 21, 2004 07:32:20 AM -0800 Alex Schultz <aschultz () echo-inc com> wrote:
> Some of the sites I administer were allegedly hit by a worm last night. It overwrote all .php/.html files that were owner writable and owned by apache. We were running apache 2.0.52 and php 4.3.9. Have any of you encountered this before?
php 4.3.9 has several serious security flaws in it. (See here for more info - <http://www.php.net/release_4_3_10.php>). You should have upgraded it ASAP. That's most likely how the script altered the files.
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html