Updated: 12/1/2005; 8:44:32 AM.

XML and software
XML, web and software in general, with notes on Radio Userland resources


daily link  Tuesday, November 08, 2005


New Worm Plupii Targets Linux Web Service Holes: "The three vulnerabilities it attacks through are the XML-RPC for PHP Remote Code Injection vulnerability; the AWStats Rawlog Plugin Logfile Parameter Input Validation Vulnerability; and the Darryl Burgdorf Webhints Remote Command Execution Vulnerability.

When Plupii is successful in infecting a server, it then sends a notification message to an attacker at a remote IP address via UDP port 7222 or 7111.  .. Next, it opens a back door through one or the other of these ports. This enables an attacker to gain unauthorized access to the compromised system. Once in place, Plupii generates a variety of URLs .. in an attempt to find and infect other vulnerable systems.

The worm itself is easy to destroy. One need only delete the file: /tmp/lupii. The more significant problem is what the attacker may have downloaded to the server while it was active.  Indeed, Symantec's Deepsight Alert Services recommends that, "Due to the ability of the remote user to perform so many different actions on the server computer, including installation of applications, it is highly recommended that compromised computers be completely reinstalled." "

  8:11:15 PM
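A triage check for the two indicators the quoted article names, the /tmp/lupii file and a UDP socket on port 7222 or 7111, added here as an example (it is not code from the article or from Symantec). The /proc/net/udp sample is constructed, and the function names are hypothetical.

```python
import os

PLUPII_PORTS = {7222, 7111}   # UDP ports named in the quoted article
PLUPII_FILE = "/tmp/lupii"    # worm file named in the quoted article

# Constructed sample in /proc/net/udp layout (not captured from a real host).
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
  12: 00000000:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1201
  47: 00000000:1C36 00000000:0000 07 00000000:00000000 00:00000000 00000000    33        0 9917
  48: 0100007F:0277 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1307
"""

def udp_sockets_on_ports(proc_net_udp_text, ports=PLUPII_PORTS):
    """Return (port, uid, inode) for each UDP socket bound to one of `ports`."""
    hits = []
    for line in proc_net_udp_text.splitlines()[1:]:   # skip the header row
        fields = line.split()
        if len(fields) < 10:
            continue                                  # blank or truncated row
        # local_address is HEXADDR:HEXPORT; rsplit also handles udp6 rows.
        port = int(fields[1].rsplit(":", 1)[1], 16)
        if port in ports:
            hits.append((port, int(fields[7]), int(fields[9])))
    return hits

def triage(proc_paths=("/proc/net/udp", "/proc/net/udp6"), marker=PLUPII_FILE):
    """Collect findings for the marker file and for sockets on the named ports."""
    findings = []
    if os.path.lexists(marker):                       # lexists: catch symlinks too
        findings.append(f"file present: {marker}")
    for path in proc_paths:
        try:
            with open(path) as fh:
                text = fh.read()
        except OSError:
            continue                                  # e.g. no IPv6 on this host
        for port, uid, inode in udp_sockets_on_ports(text):
            findings.append(
                f"UDP socket on port {port} (uid {uid}, inode {inode}) in {path}")
    return findings

if __name__ == "__main__":
    for finding in triage() or ["no Plupii indicators found"]:
        print(finding)
```

An empty result only says these two indicators are absent; it says nothing about what was downloaded to the server while the worm was active, which is why the quoted advice is to reinstall.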

 


Copyright 2005 © Ken Novak.