Skip to content

Biting the hand that feeds IT

The Register

Security:


[Print][Mobile][NewsAlerts]

Linux worm targets PHP flaw

DON'T PANIC

Published Monday 7th November 2005 13:06 GMT
Get breaking Security news straight to your desktop - click here to find out how

Virus writers have created a Linux worm which uses a recently discovered vulnerability in XML-RPC for PHP, a popular open source component used in many applications, to attack vulnerable systems.

XML-RPC for PHP features in many web application including PostNuke, Drupal, b2evolution, Xoops, WordPress, PHPGroupWare and TikiWiki. Most of these applications have been updated to address the security flaw.

But unpatched systems are at risk from a Linux worm - called Lupper - which exploits the bug to load itself onto vulnerable systems. Anti-virus firms report few reports of the malware which is noteworthy mainly because of the rarity of malware strains targeting Linux systems rather than its risk factor, which is low.

SAN's Internet Storm Centre has a comprehensive technical description of the threat (such as it is) here. ®

[Print][Mobile][NewsAlerts]
  • Simple and flexible server technology from HP
Latest Mobile Gadgets Software Downloads