• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Lupper worm targets Linux systems

IGBT

IGBT

Lifer
Text


NOVEMBER 08, 2005 (IDG NEWS SERVICE) - A worm that affects Linux systems and spreads by exploiting Web server-related vulnerabilities has been reported by antivirus companies, but so far Linux.Plupii, which is also known as Lupper, hasn?t spread much and isn?t seen as much of a threat.
The worm spreads by exploiting Web servers hosting vulnerable PHP/CGI programming language scripts, according to McAfee Inc. The worm is a derivative of the Linux/Slapper and BSD/Scalper worms from which it has taken its propagation strategy, McAfee said in information provided on its Web site.

The worm, discovered Sunday, attacks Web servers by sending malicious HTTP requests on Port 80, McAfee said. If the server being targeted is running a vulnerable script at certain URLs and is configured to permit external shell commands and remote file download in PHP/CGI, the worm could be downloaded and executed, McAfee said. It can also harvest e-mail addresses stored in Web server files.

The worm opens a back door on a compromised computer and then generates URLs to scan for other computers to infect and that can affect network performance, according to information from Symantec Corp.



 
if yoeur are running a php/cgi that permits external shell commands and remote file download, you deserve the rm-rf / shell command run on you box.
 
Originally posted by: n0cmonkey
Does it target Linux or systems running PHP?
Click to expand...

It targets Linux systems running PHP. I believe the flaw is that an attacker can use `` to execute shell commands.
 
Originally posted by: nweaver
if yoeur are running a php/cgi that permits external shell commands and remote file download, you deserve the rm-rf / shell command run on you box.
Click to expand...
Agreed.
If the server being targeted is running a vulnerable script at certain URLs and is configured to permit external shell commands and remote file download in PHP/CGI
Click to expand...
Any idea what the vulnerable script(s) are/what the entry point is? This site doesnt give that much technical info about the vulnerability.
 
Well, my server isn't infected *yet*, but then again, I didn't set the external shell commands and remote file download settings (unless they're default???).
 
no, they are not default on any system I've worked on....

This sounds to me, more like a bug with PHP/Apache. If you can upload and execute commands, then any system is vunarable. Write a batch file (shell script, perl script, etc) and then call it using the remote execution...
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top