Monday, December 27, 2004

New Php problems ...

Php users, Update php and AV sigs, MS users, Update your AV sigs....
A few of the pairs of eyes in the FOSS (Free and Open Source Software) community recently looked over the security of php, and as a result of that community effort the developers released new versions in a flurry last week. If you haven't updated, please do so asap. A php Internet worm released on 12/25/2004 does not depend on php bulletin boards: it attacks "ALL php scripts/pages which are vulnerable to a 'File Inclusion' Flaw". K-OTik Security has issued an alert to clarify whether or not the php worms commonly named santy.c and santy.e attack only bulletin boards. They have shown that the descriptions circulating for the worm released on 12/25/2004 (commonly called santy.c and santy.e) contain incorrect information that may lead you to believe that, because you do not run php bulletin boards, your server is not at risk. K-OTik Security has named this the PhpInclude.Worm, and their alert is emphatic that "This worm attacks ALL php scripts/pages which are vulnerable to a 'File Inclusion' Flaw (related to an insecure use of the Include() & Require() functions). These 'programming' flaws are independent from the server's PHP version, they result from common coding mistakes". K-OTik has described this worm as a significant threat.
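To make the "File Inclusion" coding mistake concrete, here is an added example (not code from the original post, from K-OTik, or from any of the affected projects) of a small page router written the insecure way beside a hardened version; the `page` request parameter and the template file names are assumptions.

```php
<?php
// Added example: the insecure include() pattern the alert refers to, and a
// hardened alternative. Parameter name "page" and template paths are assumed.

// INSECURE: the include target is assembled from untrusted request input.
// Whatever the client puts in ?page=... decides which file is executed as PHP
// (and, if allow_url_fopen is on, that can even be a file fetched over HTTP).
function render_insecure(array $get): void
{
    $page = $get['page'] ?? 'home';
    include 'templates/' . $page . '.php';   // path controlled by the request
}

// HARDENED: the request value is only ever used as a key into a fixed map of
// known pages. The filesystem path comes from the map, never from the input,
// so there is no string to tamper with and no remote URL can reach include().
const PAGES = [
    'home'    => 'templates/home.php',
    'about'   => 'templates/about.php',
    'contact' => 'templates/contact.php',
];

function resolve_page(array $get): ?string
{
    $page = $get['page'] ?? 'home';
    // Exact-match lookup: no normalisation, no concatenation, no fallback to input.
    return PAGES[$page] ?? null;
}

function render_hardened(array $get): void
{
    $path = resolve_page($get);
    if ($path === null) {
        http_response_code(404);
        echo 'Unknown page';
        return;
    }
    require $path;
}

// The lookup alone can be exercised without any template files present;
// the inputs below are constructed sample values.
var_dump(resolve_page(['page' => 'about']));
var_dump(resolve_page(['page' => 'nonexistent']));
var_dump(resolve_page(['page' => 'http://example.com/page.txt']));
```

Only the first lookup yields a path; the other two return null and the hardened router answers 404 instead of handing the value to `require`.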
Why does K-OTik publish the code on the net?! I have my own thoughts on publishing such code on the internet. Everybody can easily grab this code and create their own worm or virus with it. Is it not enough just to publish the news on the net? Publishing such code on the net is, for me, the same as what virus writers are publishing on their websites... if you know what I mean. Again an example of what I call 'unethical code publishing'. The internet is really becoming the playground for such people.