I assumed this meant systems that had been compromised would have to be re-installed. Not a precise choice of words on their part. --- Matt Mets wrote: > > Affected systems will need to be wiped and have the OS > > reinstalled, in most cases. > > um, this would be affected systems that didnt know how to set their > web server permissions correctly i assume? you think that any decent > install would do that... ill check the gentoo tonight (which would > probably have been patched a long time ago anyway), but it doesnt seem > to make a whole lot of sense to me. > > I mean come on, you dont have to reinstall an os to do this stuff... > thats crazy talk. This is unix, man, there isnt a registry to screw > up... just reinstall the frigging webserver if you have to. > > On 11/8/05, Kevin wrote: > > > > Just noticed this on securityfocus.com. Thought I would share it with > > the group. > > > > http://securityfocus.com/brief/38 > > > > A new Linux worm is crawling the web looking for a large number of > > vulnerable PHP systems and applications. The worm, known as Linux.Plupii > > (Symantec) or Linux/Lupper.worm (McAfee), is rated as a Category 2 worm > > by Symantec, while McAfee considers the risk "low." The worm installs a > > Trojan using wget and the attack allows for arbitrary code execution > > under the privileges of the web server user. > > > > The worm exploits PHP based vulnerabilities discovered back in June, and > > affects a large number of PHP web applications that use XML-RPC. The > > Trojan makes simple requests to web servers running on port 80 and the > > attack has been well documented by SANS. Unpatched systems are ripe for > > exploitation. Affected systems will need to be wiped and have the OS > > reinstalled, in most cases. > > > > The report comes on the heels of a new PHP release that addresses more > > security issues. Readers are also reminded of the Perl-based Santy worm > > and its variants as an indication that web-based worms that target Linux > > and Unix applications are becoming much more commonplace. > > > > ...Kevin > > > > > > > > > > --------------------------------------------------- > > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > > To subscribe, unsubscribe, or to change you mail settings: > > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change you mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > __________________________________ Yahoo! FareChase: Search multiple travel sites in one click. http://farechase.yahoo.com --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change you mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss