Fri Nov 22 00:11:46 2024
EVENTS
 FREE
SOFTWARE
INSTITUTE
 POLITICS
 JOBS
 MEMBERS'
CORNER
 MAILING
LIST
NYLXS Mailing Lists and Archives
NYLXS Members have a lot to say and share but we don't keep many secrets. Join the Hangout Mailing List and say your peice.

DATE 2005-11-01

HANGOUT

2024-11-22 | 2024-10-22 | 2024-09-22 | 2024-08-22 | 2024-07-22 | 2024-06-22 | 2024-05-22 | 2024-04-22 | 2024-03-22 | 2024-02-22 | 2024-01-22 | 2023-12-22 | 2023-11-22 | 2023-10-22 | 2023-09-22 | 2023-08-22 | 2023-07-22 | 2023-06-22 | 2023-05-22 | 2023-04-22 | 2023-03-22 | 2023-02-22 | 2023-01-22 | 2022-12-22 | 2022-11-22 | 2022-10-22 | 2022-09-22 | 2022-08-22 | 2022-07-22 | 2022-06-22 | 2022-05-22 | 2022-04-22 | 2022-03-22 | 2022-02-22 | 2022-01-22 | 2021-12-22 | 2021-11-22 | 2021-10-22 | 2021-09-22 | 2021-08-22 | 2021-07-22 | 2021-06-22 | 2021-05-22 | 2021-04-22 | 2021-03-22 | 2021-02-22 | 2021-01-22 | 2020-12-22 | 2020-11-22 | 2020-10-22 | 2020-09-22 | 2020-08-22 | 2020-07-22 | 2020-06-22 | 2020-05-22 | 2020-04-22 | 2020-03-22 | 2020-02-22 | 2020-01-22 | 2019-12-22 | 2019-11-22 | 2019-10-22 | 2019-09-22 | 2019-08-22 | 2019-07-22 | 2019-06-22 | 2019-05-22 | 2019-04-22 | 2019-03-22 | 2019-02-22 | 2019-01-22 | 2018-12-22 | 2018-11-22 | 2018-10-22 | 2018-09-22 | 2018-08-22 | 2018-07-22 | 2018-06-22 | 2018-05-22 | 2018-04-22 | 2018-03-22 | 2018-02-22 | 2018-01-22 | 2017-12-22 | 2017-11-22 | 2017-10-22 | 2017-09-22 | 2017-08-22 | 2017-07-22 | 2017-06-22 | 2017-05-22 | 2017-04-22 | 2017-03-22 | 2017-02-22 | 2017-01-22 | 2016-12-22 | 2016-11-22 | 2016-10-22 | 2016-09-22 | 2016-08-22 | 2016-07-22 | 2016-06-22 | 2016-05-22 | 2016-04-22 | 2016-03-22 | 2016-02-22 | 2016-01-22 | 2015-12-22 | 2015-11-22 | 2015-10-22 | 2015-09-22 | 2015-08-22 | 2015-07-22 | 2015-06-22 | 2015-05-22 | 2015-04-22 | 2015-03-22 | 2015-02-22 | 2015-01-22 | 2014-12-22 | 2014-11-22 | 2014-10-22 | 2014-09-22 | 2014-08-22 | 2014-07-22 | 2014-06-22 | 2014-05-22 | 2014-04-22 | 2014-03-22 | 2014-02-22 | 2014-01-22 | 2013-12-22 | 2013-11-22 | 2013-10-22 | 2013-09-22 | 2013-08-22 | 2013-07-22 | 2013-06-22 | 2013-05-22 | 2013-04-22 | 2013-03-22 | 2013-02-22 | 2013-01-22 | 2012-12-22 | 2012-11-22 | 2012-10-22 | 2012-09-22 | 2012-08-22 | 2012-07-22 | 2012-06-22 | 2012-05-22 | 2012-04-22 | 2012-03-22 | 2012-02-22 | 2012-01-22 | 2011-12-22 | 2011-11-22 | 2011-10-22 | 2011-09-22 | 2011-08-22 | 2011-07-22 | 2011-06-22 | 2011-05-22 | 2011-04-22 | 2011-03-22 | 2011-02-22 | 2011-01-22 | 2010-12-22 | 2010-11-22 | 2010-10-22 | 2010-09-22 | 2010-08-22 | 2010-07-22 | 2010-06-22 | 2010-05-22 | 2010-04-22 | 2010-03-22 | 2010-02-22 | 2010-01-22 | 2009-12-22 | 2009-11-22 | 2009-10-22 | 2009-09-22 | 2009-08-22 | 2009-07-22 | 2009-06-22 | 2009-05-22 | 2009-04-22 | 2009-03-22 | 2009-02-22 | 2009-01-22 | 2008-12-22 | 2008-11-22 | 2008-10-22 | 2008-09-22 | 2008-08-22 | 2008-07-22 | 2008-06-22 | 2008-05-22 | 2008-04-22 | 2008-03-22 | 2008-02-22 | 2008-01-22 | 2007-12-22 | 2007-11-22 | 2007-10-22 | 2007-09-22 | 2007-08-22 | 2007-07-22 | 2007-06-22 | 2007-05-22 | 2007-04-22 | 2007-03-22 | 2007-02-22 | 2007-01-22 | 2006-12-22 | 2006-11-22 | 2006-10-22 | 2006-09-22 | 2006-08-22 | 2006-07-22 | 2006-06-22 | 2006-05-22 | 2006-04-22 | 2006-03-22 | 2006-02-22 | 2006-01-22 | 2005-12-22 | 2005-11-22 | 2005-10-22 | 2005-09-22 | 2005-08-22 | 2005-07-22 | 2005-06-22 | 2005-05-22 | 2005-04-22 | 2005-03-22 | 2005-02-22 | 2005-01-22 | 2004-12-22 | 2004-11-22 | 2004-10-22 | 2004-09-22 | 2004-08-22 | 2004-07-22 | 2004-06-22 | 2004-05-22 | 2004-04-22 | 2004-03-22 | 2004-02-22 | 2004-01-22 | 2003-12-22 | 2003-11-22 | 2003-10-22 | 2003-09-22 | 2003-08-22 | 2003-07-22 | 2003-06-22 | 2003-05-22 | 2003-04-22 | 2003-03-22 | 2003-02-22 | 2003-01-22 | 2002-12-22 | 2002-11-22 | 2002-10-22 | 2002-09-22 | 2002-08-22 | 2002-07-22 | 2002-06-22 | 2002-05-22 | 2002-04-22 | 2002-03-22 | 2002-02-22 | 2002-01-22 | 2001-12-22 | 2001-11-22 | 2001-10-22 | 2001-09-22 | 2001-08-22 | 2001-07-22 | 2001-06-22 | 2001-05-22 | 2001-04-22 | 2001-03-22 | 2001-02-22 | 2001-01-22 | 2000-12-22 | 2000-11-22 | 2000-10-22 | 2000-09-22 | 2000-08-22 | 2000-07-22 | 2000-06-22 | 2000-05-22 | 2000-04-22 | 2000-03-22 | 2000-02-22 | 2000-01-22 | 1999-12-22

Key: Value:

Key: Value:

MESSAGE
DATE 2005-11-10
FROM From:
SUBJECT Re: [NYLXS - HANGOUT] New Worm Targets Linux Web Service Holes
does this mean anti-virus for GNU/Linux?


-----Original Message-----

From: "Inker, Evan"
Subj: [NYLXS - HANGOUT] New Worm Targets Linux Web Service Holes
Date: Thu Nov 10, 2005 8:31 am
Size: 4K
To: hangout-at-mrbrklyn.com

New Worm Targets Linux Web Service Holes
November 7, 2005
http://www.eweek.com/article2/0,1895,1882889,00.asp

By Steven J. Vaughan-Nichols
Over the last few days, a new worm, Linux.Plupii, which attacks Linux
systems via Web-server related services, has made its appearance.

This worm, also known as Linux/Lupper.worm or luppi, is a blended threat. It
attempts to use three different Web-service security holes in its attempts
to infect Linux-based systems that are running the vulnerable services.

The three vulnerabilities it attacks through are the XML-RPC for PHP Remote
Code Injection vulnerability; the AWStats Rawlog Plugin Logfile Parameter
Input Validation Vulnerability; and the Darryl Burgdorf Webhints Remote
Command Execution Vulnerability.

The XML-RPC hole commonly exists in blogging and Wiki programs. There are
now fixes available for this hole for most systems.

AWStats is a popular, open-source log-file analyzer. Only servers which run
AWStats 5.0 to 6.3 can be attacked. Versions 6.4, which came out in March,
and higher are immune.

Finally, Webhints is an older script program that's designed to set up and
maintain a "Hint (Quote/Tip/Joke/Whatever) of the Day" page. Version 1.3 is
vulnerable to attack. There is, at this time, no known fix for the program.


When Plupii is successful in infecting a server, it then sends a
notification message to an attacker at a remote IP address via UDP port 7222
or 7111. Which port it attacks appears to be hard-wired into the worm and
thus represents two different versions of the same worm. Next, it opens a
back door through one or the other of these ports. This enables an attacker
to gain unauthorized access to the compromised system.

Once in place, Plupii generates a variety of URLs. It uses these, via the
default Web server port, 80, in an attempt to find and infect other
vulnerable systems.

The worm itself is easy to destroy. One need only delete the file:
/tmp/lupii. The more significant problem is what the attacker may have
downloaded to the server while it was active.

Indeed, Symantec's Deepsight Alert Services recommends that, "Due to the
ability of the remote user to perform so many different actions on the
server computer, including installation of applications, it is highly
recommended that compromised computers be completely reinstalled."

Symantec also reported that many major Linux distributions, including Red
Hat, SUSE and Turbolinux, can be impacted by this worm. Given that the list
includes most major Linux 2.4 and 2.6 distributions, it can be presumed that
any Linux running an application that employs one of the vulnerable programs
may be at risk.

According to the Internet Storm Center, this worm is operating in the wild
on the Internet.

All the major anti-virus vendors, including Symantec Corp., McAfee Inc., and
Computer Associates International Inc. and open source anti-viral programs
like ClamAV now have signature files for the worm.

The worm can also be stopped in the first place by avoiding all use of
Webhints and using only patched versions of AWStats and PHP.

Check out eWEEK.com's Linux & Open Source Center for the latest open-source
news, reviews and analysis.


****************************************************************************
This message contains confidential information and is intended only
for the individual or entity named. If you are not the named addressee
you should not disseminate, distribute or copy this e-mail.
Please notify the sender immediately by e-mail if you have received
this e-mail by mistake and delete this e-mail from your system.
E-mail transmission cannot be guaranteed to be secure or error-free
as information could be intercepted, corrupted, lost, destroyed, arrive
late or incomplete, or contain viruses. The sender therefore does not
accept liability for any errors or omissions in the contents of this
message which arise as a result of e-mail transmission.
If verification is required please request a hard-copy version.
This message is provided for informational purposes and should not
be construed as an invitation or offer to buy or sell any securities or
related financial instruments.
GAM operates in many jurisdictions and is
regulated or licensed in those jurisdictions as required.
****************************************************************************

  1. 2005-11-02 From: "Inker, Evan" <EInker-at-gam.com> Subject: [NYLXS - HANGOUT] Massachusetts' CIO defends move to OpenDocument
  2. 2005-11-02 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [NYLXS - HANGOUT] GNU/Linux Sysadmin Jobs for 60K
  3. 2005-11-02 From: "Inker, Evan" <EInker-at-gam.com> Subject: [NYLXS - HANGOUT] Sony Ships Sneaky DRM Software
  4. 2005-11-02 Ruben Safir <ruben-at-mrbrklyn.com> Re: [NYLXS - HANGOUT] Sony Ships Sneaky DRM Software
  5. 2005-11-03 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [NYLXS - HANGOUT] Paris and Iraq
  6. 2005-11-03 Ruben Safir <ruben-at-mrbrklyn.com> Re: [NYLXS - HANGOUT] Paris and Iraq
  7. 2005-11-03 Ruben Safir <ruben-at-mrbrklyn.com> Re: [NYLXS - HANGOUT] Sony Ships Sneaky DRM Software
  8. 2005-11-03 Contrarian <adrba-at-nyct.net> Subject: [NYLXS - HANGOUT] Senate to vote today on M$ sponsored HB visas
  9. 2005-11-03 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [NYLXS - HANGOUT] [Fwd: Still time to register: Tame the Data Explosion]
  10. 2005-11-03 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [NYLXS - HANGOUT] More Sony DRM
  11. 2005-11-03 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [NYLXS - HANGOUT] Content Reading/Intel and GNU/Linux
  12. 2005-11-03 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [NYLXS - HANGOUT] [Fwd: Linux Research - Request For Assistance]
  13. 2005-11-05 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [NYLXS - HANGOUT] [Fwd: JobCircle Weekly Summary of New Jobs]
  14. 2005-11-07 From: "Inker, Evan" <EInker-at-gam.com> Subject: [NYLXS - HANGOUT] Community: Why Is Novell Chopping Its SUSE Linux Workstation and
  15. 2005-11-07 From: "Steve Milo" <slavik914-at-rennlist.net> Re: [NYLXS - HANGOUT] Community: Why Is Novell Chopping Its SUSE Linux Workstation and Desktop Product Line?
  16. 2005-11-08 From: <mlr52-at-michaellrichardson.com> Subject: [NYLXS - HANGOUT] Yahoo chat
  17. 2005-11-08 From: "J.E. Cripps" <cycmn-at-nyct.net> Re: [NYLXS - HANGOUT] Yahoo chat
  18. 2005-11-09 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [NYLXS - HANGOUT] [infsanto-at-council.nyc.ny.us: E-Update for the Committee on Technology in Government]
  19. 2005-11-09 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [NYLXS - HANGOUT] [smccool-at-realmsys.com: Linux Applications Contest ? Win $50K]
  20. 2005-11-10 From: "Inker, Evan" <EInker-at-gam.com> Subject: [NYLXS - HANGOUT] New Worm Targets Linux Web Service Holes
  21. 2005-11-10 From: "Inker, Evan" <EInker-at-gam.com> Subject: [NYLXS - HANGOUT] Suse co-founder leaves Novell
  22. 2005-11-10 From: "Inker, Evan" <EInker-at-gam.com> Subject: [NYLXS - HANGOUT] Novell Tripping Over its Linux Strategy
  23. 2005-11-10 From: <mlr52-at-michaellrichardson.com> Re: [NYLXS - HANGOUT] New Worm Targets Linux Web Service Holes
  24. 2005-11-10 From: "Inker, Evan" <EInker-at-gam.com> RE: [NYLXS - HANGOUT] New Worm Targets Linux Web Service Holes
  25. 2005-11-10 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [NYLXS - HANGOUT] General Membership Meeting Tuesday Night 11-15-2005
  26. 2005-11-10 From: "Inker, Evan" <EInker-at-gam.com> RE: [NYLXS - HANGOUT] General Membership Meeting Tuesday Night 11
  27. 2005-11-10 Ruben Safir <ruben-at-mrbrklyn.com> RE: [NYLXS - HANGOUT] General Membership Meeting Tuesday Night 11
  28. 2005-11-10 Ruben Safir <ruben-at-mrbrklyn.com> Re: [NYLXS - HANGOUT] General Membership Meeting Tuesday Night
  29. 2005-11-10 From: <mlr52-at-michaellrichardson.com> RE: [NYLXS - HANGOUT] General Membership Meeting Tuesday Night 11-15-2005
  30. 2005-11-10 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [NYLXS - HANGOUT] Viruses exploit Sony DRM software
  31. 2005-11-10 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [NYLXS - HANGOUT] Even Better SONY's left and right hands
  32. 2005-11-11 From: "Inker, Evan" <EInker-at-gam.com> RE: [NYLXS - HANGOUT] Viruses exploit Sony DRM software
  33. 2005-11-11 From: "rc" <ray-pub-at-rcn.com> Subject: [NYLXS - HANGOUT] Monitors
  34. 2005-11-15 From: "Inker, Evan" <EInker-at-gam.com> Subject: [NYLXS - HANGOUT] General Membership Meeting Thursday Night 11-17
  35. 2005-11-15 From: "Inker, Evan" <EInker-at-gam.com> RE: [NYLXS - HANGOUT] General Membership Meeting Tuesday Night 11
  36. 2005-11-15 From: "Inker, Evan" <EInker-at-gam.com> Subject: [NYLXS - HANGOUT] Europe and the US philosophically divided on open source?
  37. 2005-11-15 From: "Inker, Evan" <EInker-at-gam.com> Subject: [NYLXS - HANGOUT] Open source: Developing markets and anti-Americanism (Part 2)
  38. 2005-11-15 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [NYLXS - HANGOUT] [Fwd: Press Release: Second Annual FDA Information Management
  39. 2005-11-15 From: "Inker, Evan" <EInker-at-gam.com> Subject: [NYLXS - HANGOUT] Suse 10.0 is Out!
  40. 2005-11-15 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [NYLXS - HANGOUT] Amy Harmon is at it again
  41. 2005-11-16 Contrarian <adrba-at-nyct.net> Re: [NYLXS - HANGOUT] Monitors
  42. 2005-11-16 Contrarian <adrba-at-nyct.net> Re: [NYLXS - HANGOUT] Amy Harmon is at it again
  43. 2005-11-16 From: <mlr52-at-michaellrichardson.com> Re: [NYLXS - HANGOUT] Suse 10.0 is Out!
  44. 2005-11-16 From: "Inker, Evan" <EInker-at-gam.com> Subject: [NYLXS - HANGOUT] Sony pulls copy-protected CDs from shelves
  45. 2005-11-16 From: <mlr52-at-michaellrichardson.com> Re: [NYLXS - HANGOUT] Sony pulls copy-protected CDs from shelves
  46. 2005-11-16 Contrarian <adrba-at-nyct.net> Re: [NYLXS - HANGOUT] Monitors
  47. 2005-11-16 Mark Simko <msimko-at-optonline.net> Re: [NYLXS - HANGOUT] Monitors
  48. 2005-11-16 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [NYLXS - HANGOUT] Re: New to Linux
  49. 2005-11-16 From: "J.E. Cripps" <cycmn-at-nyct.net> Re: [NYLXS - HANGOUT] Monitors
  50. 2005-11-16 From: <mlr52-at-michaellrichardson.com> Re: [NYLXS - HANGOUT] Monitors
  51. 2005-11-18 From: "rc" <ray-pub-at-rcn.com> RE: [NYLXS - HANGOUT] Monitors
  52. 2005-11-18 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [NYLXS - HANGOUT] [Fwd: E-Update for the Committee on Technology in Government -
  53. 2005-11-18 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [NYLXS - HANGOUT] [Fwd: [nycsmalltalk] Presentation -- VisualWorks and algorithm
  54. 2005-11-20 Mark Simko <msimko-at-optonline.net> Subject: [NYLXS - HANGOUT] (Fwd) Fwd: Review of Computer Vote Rigging: Video
  55. 2005-11-20 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [NYLXS - HANGOUT] [Fwd: JobCircle Weekly Summary of New Jobs]
  56. 2005-11-20 Ruben Safir <ruben-at-mrbrklyn.com> Re: [NYLXS - HANGOUT] (Fwd) Fwd: Review of Computer Vote Rigging:
  57. 2005-11-20 From: "Steve Milo" <slavik914-at-rennlist.net> Re: [NYLXS - HANGOUT] [Fwd: JobCircle Weekly Summary of New Jobs]
  58. 2005-11-20 From: "Steve Milo" <slavik914-at-rennlist.net> Re: [NYLXS - HANGOUT] (Fwd) Fwd: Review of Computer Vote Rigging: Video
  59. 2005-11-20 Ruben Safir <ruben-at-mrbrklyn.com> Re: [NYLXS - HANGOUT] [Fwd: JobCircle Weekly Summary of New Jobs]
  60. 2005-11-20 Mark Simko <msimko-at-optonline.net> Re: [NYLXS - HANGOUT] (Fwd) Fwd: Review of Computer Vote Rigging: Video
  61. 2005-11-20 Ruben Safir <ruben-at-mrbrklyn.com> Re: [NYLXS - HANGOUT] (Fwd) Fwd: Review of Computer Vote Rigging:
  62. 2005-11-21 Contrarian <adrba-at-nyct.net> Re: [NYLXS - HANGOUT] (Fwd) Fwd: Review of Computer Vote Rigging:
  63. 2005-11-21 Contrarian <adrba-at-nyct.net> Re: [NYLXS - HANGOUT] (Fwd) Fwd: Review of Computer Vote Rigging:
  64. 2005-11-21 From: "Steve Milo" <slavik914-at-rennlist.net> Subject: [NYLXS - HANGOUT] =?utf-8?Q?Re:_[NYLXS_-_HANGOUT]_(Fwd)_Fwd:_Review_of_Compu?=
  65. 2005-11-21 Ruben Safir <ruben-at-mrbrklyn.com> Re: [NYLXS - HANGOUT] (Fwd) Fwd: Review of Computer Vote Rigging:
  66. 2005-11-21 Contrarian <adrba-at-nyct.net> Re: [NYLXS - HANGOUT] (Fwd) Fwd: Review of Computer Vote Rigging:
  67. 2005-11-21 From: <mlr52-at-mycouponmagic.com> Re: [NYLXS - HANGOUT] Re: [NYLXS - HANGOUT] (Fwd) Fwd: Review of Computer Vote Rigging: Video
  68. 2005-11-21 From: "Steve Milo" <slavik914-at-rennlist.net> Re: [NYLXS - HANGOUT] (Fwd) Fwd: Review of Computer Vote Rigging: Video
  69. 2005-11-22 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [NYLXS - HANGOUT] General Membership Meeting Results
  70. 2005-11-22 From: "Inker, Evan" <EInker-at-gam.com> Subject: [NYLXS - HANGOUT] That's Linux on the Line
  71. 2005-11-25 From: "Inker, Evan" <EInker-at-gam.com> Subject: [NYLXS - HANGOUT] FSF keeps pushing for Microsoft server protocols
  72. 2005-11-26 From: "rc" <ray-pub-at-rcn.com> RE: [NYLXS - HANGOUT] Suse 10.0 is Out!
  73. 2005-11-28 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [NYLXS - HANGOUT] Jobs
  74. 2005-11-30 From: "rc" <ray-pub-at-rcn.com> RE: [NYLXS - HANGOUT] Suse 10.0 is Out!
  75. 2005-11-30 Contrarian <adrba-at-nyct.net> Subject: [NYLXS - HANGOUT] Second anti-DRM demonstration today

NYLXS are Do'ers and the first step of Doing is Joining! Join NYLXS and make a difference in your community today!