On November 8, 2005 10:24, Shawn wrote: > This is an interesting read for any software developers out there... > > http://wired.com/news/technology/bugs/0,2924,69355,00.html?tw=wn_tophead_1 > > Don't know if I ever want to deal with radiation therapy now.. :) > > Also McAfee has announced that the Linux/Lupper worm has been found in the > wild. More information here: http://vil.nai.com/vil/content/v_136821.htm > > Shawn This worm spreads by exploiting specific PHP/CGI script vulnerabilities that could be hosted on the following URLs:
Ok, To bring it into prospective: Here is what the virus is looking at, as per the McAfee site listing, a few comments from me. Cheers Szemir http://[website]/cgi-bin/ http://[website]/scgi-bin/ http://[website]/cgi-bin/awstats/ http://[website]/scgi-bin/awstats/ http://[website]/cgi/awstats/ http://[website]/scgi/awstats/ http://[website]/scripts/ http://[website]/cgi-bin/stats/ http://[website]/scgi-bin/stats/ http://[website]/stats/ ------ Recent vuln in awstats. patch available but not published yet (AFAIK) ------ Disable access to awstats and or remove them from the system until ------ patched properly. http://[website]/xmlrpc.php http://[website]/xmlrpc/xmlrpc.php http://[website]/xmlsrv/xmlrpc.php http://[website]/blog/xmlrpc.php http://[website]/drupal/xmlrpc.php http://[website]/community/xmlrpc.php http://[website]/blogs/xmlrpc.php http://[website]/blogs/xmlsrv/xmlrpc.php http://[website]/blog/xmlsrv/xmlrpc.php http://[website]/blogtest/xmlsrv/xmlrpc.php http://[website]/b2/xmlsrv/xmlrpc.php http://[website]/b2evo/xmlsrv/xmlrpc.php http://[website]/wordpress/xmlrpc.php http://[website]/phpgroupware/xmlrpc.php ------ Fairly old xml parser bug. has been patched a long time ago, just make ------ sure you applied the updates for all the xml and xmlrpc stuff you ------ have. http://[website]/cgi-bin/includer.cgi http://[website]/sgi-cgi/includer.cgi http://[website]/includer/cgi http://[website]/cgi-bin/include/includer.cgi http://[website]/scgi-bin/include/includer.cgi http://[website]/cgi-bin/inc/includer.cgi http://[website]/scgi-bin/inc/includer.cgi http://[website]/cgi-local/includer.cgi http://[website]/scgi-local/includer.cgi http://[website]/cgi/includer.cgi http://[website]/scgi/includer.cgi http://[website]/hints.pl http://[website]/cgi/hints.pl http://[website]/scgi/hints.pl http://[website]/cgi-bin/hints.pl http://[website]/scgi-bin/hints.pl http://[website]/hints/hints.pl http://[website]/cgi-bin/webhints/hints.pl http://[website]/scgi-bin/webhints/hints.pl http://[website]/hints.cgi http://[website]http://[website]/cgi/hints.cgi http://[website]/scgi/hints.cgi http://[website]/cgi-bin/hints.cgi http://[website]/scgi-bin/hints.cgi http://[website]/hints/hints.cgi http://[website]/cgi-bin/hints/hints.cgi http://[website]/scgi-bin/hints/hints.cgi http://[website]/webhints/hints.cgi http://[website]/cgi-bin/webhints/hints.cgi http://[website]/scgi-bin/webhints/hints.cgi _______________________________________________ clug-talk mailing list [email protected] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
