Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
11-09-2005, 08:38 AM
|
#2
|
Member
Registered: Apr 2002
Posts: 498
Rep:
|
Snort has picked up several of these attacks on our network in the last few days. The specific one I've seen is the one that exploits the XML-RPC vuln in PHP. The web page it posts to indicates that it is trying to attack specific apps that would be vulnerable were they installed. I haven't seen any indiscriminate posting looking for vulnerable pages.
|
|
|
11-12-2005, 05:41 PM
|
#3
|
Member
Registered: Nov 2005
Location: Nord Vancouver
Distribution: suse 10.0
Posts: 106
Rep:
|
Re: Lupper Worm
What about my DLINK-604 firewall hardware, is it safe?
|
|
|
11-13-2005, 01:12 AM
|
#4
|
Senior Member
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658
Original Poster
Rep:
|
Re: Re: Lupper Worm
Quote:
Originally posted by schneemann
What about my DLINK-604 firewall hardware, is it safe?
|
As far as I know, it should be. I can't imagine that DLink would put any of those vulnerable applications on a SOHO firewall/router device. Theoretically even if they were to be installed with the Dlink firmware, they'd only be accessible over the configuration web interface which can only be accessed from the LAN side.
|
|
|
11-13-2005, 07:26 AM
|
#5
|
Member
Registered: Nov 2005
Location: Nord Vancouver
Distribution: suse 10.0
Posts: 106
Rep:
|
Re: Re: Re: Lupper Worm
Quote:
Originally posted by Capt_Caveman
As far as I know, it should be. I can't imagine that DLink would put any of those vulnerable applications on a SOHO firewall/router device. Theoretically even if they were to be installed with the Dlink firmware, they'd only be accessible over the configuration web interface which can only be accessed from the LAN side.
|
The Dlink manual tells me to update my Dlink software.
The CD that comes with the DLINK-604 is 3 years old; should I update my driver?
|
|
|
11-13-2005, 01:03 PM
|
#6
|
Senior Member
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658
Original Poster
Rep:
|
Re: Re: Re: Re: Lupper Worm
Quote:
Originally posted by schneemann
The Dlink manual tells me to update my Dlink software.
The CD that comes with the DLINK-604 is 3 years old; should I update my driver?
|
You should always update firmware with the latest versions. Check the Dlink website to see the most recent release version. Again, I highly doubt that this would affect your router, so I don't believe Dlink will release new versions specifically to deal with these vulns. They may have new releases available to correct other hardware/software bugs though, so upgrading is probably a good idea. Make sure to follow the directions carefully though, as botching a firmware upgrade can turn your router into a brick.
|
|
|
11-13-2005, 02:21 PM
|
#7
|
Member
Registered: Nov 2005
Location: Nord Vancouver
Distribution: suse 10.0
Posts: 106
Rep:
|
Re: Lupper Worm
Quote:
Originally posted by Capt_Caveman
You should always update firmware with the latest versions. Check the Dlink website to see the most recent release version. Again, I highly doubt that this would affect your router, so I don't believe Dlink will release new versions specifically to deal with these vulns. They may have new releases available to correct other hardware/software bugs though, so upgrading is probably a good idea. Make sure to follow the directions carefully though, as botching a firmware upgrade can turn your router into a brick.
|
I looked into it, none available.
So I'm doing fine then.
|
|
|
01-05-2006, 09:36 AM
|
#8
|
Member
Registered: Oct 2003
Location: New York
Distribution: Debian Sid
Posts: 185
Rep:
|
Quote:
Originally Posted by Capt_Caveman
As far as I know, it should be. I can't imagine that DLink would put any of those vulnerable applications on a SOHO firewall/router device. Theoretically even if they were to be installed with the Dlink firmware, they'd only be accessible over the configuration web interface which can only be accessed from the LAN side.
|
I don't know about the Dlink specifically, but some routers (like my Netgear MR814) can be configured to allow access to the config web interface from the WAN side too. Of course, you definitely shouldn't enable that without a) a very good reason, b) a very good password and c) knowing what you're doing.
|
|
|
02-21-2006, 01:52 PM
|
#9
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
The Lupper Worm Has Mutated
Quote:
Since the end of last week, new variants of the Linux worm called Lupper have been making their way through the Internet. Anti-virus experts are using a slew of different names for them: Plupii.C, Lupper.worm.b, Lupper-I and Mare.d.
|
http://www.heise.de/english/newsticker/news/69878
Quote:
Security experts today warned of a Linux network worm that exploits holes in the Mambo content management system and the PHP XML-RPC library.
|
http://www.vnunet.com/vnunet/news/21...nux-worm-loose
Quote:
Internet ne'er do wells have created a Linux worm which uses a recently discovered vulnerability in XML-RPC for PHP, a popular open source component used in many applications, to attack vulnerable systems. The Mare-D worm also tries to take advantage of a security flaw in Mambo to spread. If successful, the worm installs an IRC-controlled backdoor on compromised systems.
|
http://www.theregister.co.uk/2006/02/20/linux_worm/
Quote:
A Linux network worm that installs backdoors to compromised systems and which “listens” for commands from its creator is on the loose, security experts have warned.
|
http://www.computerweekly.com/Articl...ontheloose.htm
|
|
|
02-27-2006, 08:02 AM
|
#10
|
Member
Registered: Aug 2005
Location: In My Office
Distribution: Fedora, Ubuntu
Posts: 61
Rep:
|
So does this machine affect servers running Horde on Fedora C3?
I've realised that Horde has files named xmlrpc.php in the following
locations:
/usr/share/psa-horde/lib/Horde/RPC/xmlrpc.php
/usr/local/sitebuilder/include/kernel/xmlrpc.php
any ideas?
Redice
|
|
|
02-27-2006, 09:07 AM
|
#11
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
at the time of this post:
Quote:
The Secunia database currently contains 0 Secunia advisories marked as "Unpatched", which affects Horde Application Framework 3.x.
|
http://secunia.com/product/4524/
just my  ...
|
|
|
02-27-2006, 09:28 AM
|
#12
|
Member
Registered: Aug 2005
Location: In My Office
Distribution: Fedora, Ubuntu
Posts: 61
Rep:
|
Thanks there,
Meaning nothing needs to be patched up on my horde!
Any other comments out there?
Redice
|
|
|
02-27-2006, 09:35 AM
|
#13
|
Senior Member
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658
Original Poster
Rep:
|
Agreed. However I would make sure that the main PHP packages themselves have been updated, as they include an xml-rpc lib too.
|
|
|
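An inventory check for the situation raised in posts #10 and #13, added here as an example and not part of any poster's reply: it lists every xmlrpc.php under the given directories together with the package that owns it, so copies bundled with an application, which a distribution PHP update does not replace, stand out. The function names and the UNPACKAGED marker are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): find copies of xmlrpc.php and report
# which package, if any, owns each one. A copy that no package owns is not
# touched by a yum/apt update and has to be fixed through its own vendor.

# pkg_owner FILE -> prints the owning package, or UNPACKAGED (assumed marker)
pkg_owner() {
    if command -v rpm >/dev/null 2>&1 &&
       owner=$(rpm -qf --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\n' "$1" 2>/dev/null); then
        # rpm exits non-zero for unowned files, so we only get here on a hit
        printf '%s\n' "$owner" | head -n 1
    elif command -v dpkg >/dev/null 2>&1 &&
         owner=$(dpkg -S "$1" 2>/dev/null); then
        # dpkg prints "package: /path"; keep the package part
        printf '%s\n' "${owner%%:*}"
    else
        echo UNPACKAGED
    fi
}

# scan_xmlrpc DIR... -> one line per copy found: "<owner><TAB><path>"
# The file name is the one quoted in the thread; extend the pattern if the
# application you audit ships the library under another name.
scan_xmlrpc() {
    find "$@" -xdev -type f -iname 'xmlrpc.php' 2>/dev/null | sort |
    while IFS= read -r f; do
        printf '%s\t%s\n' "$(pkg_owner "$f")" "$f"
    done
}

# count_unpackaged DIR... -> number of copies no package manager tracks
count_unpackaged() {
    scan_xmlrpc "$@" | awk -F '\t' '$1 == "UNPACKAGED" { n++ } END { print n + 0 }'
}

# Run as: sh scan.sh /usr/share /usr/local /var/www
if [ "$#" -gt 0 ]; then
    scan_xmlrpc "$@"
    echo "copies not owned by any package: $(count_unpackaged "$@")"
fi
```

Package-owned copies are brought up to date by updating the owning package; the UNPACKAGED ones have to be checked against the application vendor's own release.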
02-27-2006, 11:07 AM
|
#14
|
Member
Registered: Aug 2005
Location: In My Office
Distribution: Fedora, Ubuntu
Posts: 61
Rep:
|
How would one go about updating the PHP packages in Horde?
redice
|
|
|
All times are GMT -5. The time now is 10:33 PM.
|