lists.openwall.net
Open Source and information security mailing list archives
Message-ID: <C506C1A49DFCDB7B619AF51E@utd49554.utdallas.edu>
From: pauls at utdallas.edu (Paul Schmehl)
Subject: Possible apache2/php 4.3.9 worm

--On Tuesday, December 21, 2004 07:32:20 AM -0800 Alex Schultz 
<aschultz@...o-inc.com> wrote:

> Some of the sites I administer were allegedly hit by a worm last night.
> It overwrote all .php/.html files that were owner writable and owned by
> apache.
>
> We were running apache 2.0.52 and php 4.3.9. Have any of you encountered
> this before?

php 4.3.9 has several serious security flaws in it.  (See here for more 
info - <http://www.php.net/release_4_3_10.php>).  You should have upgrade 
it ASAP.  That's most likely how the script altered the files.

Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
