Linux & Open Source - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Linux & Open Source


XML-RPC Threatens Linux, Unix Systems



 By: Paul F. Roberts
2005-11-14
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Linux & Open Source story.


Rate This Article:
Poor Best
A gaggle of new threats that target computers running the Linux and Unix operating systems appears on the Internet.

A gaggle of new threats that target computers running the Linux and Unix operating systems appeared on the Internet last week, challenging administrators more accustomed to threats that target Windows systems.

Anti-virus companies and The SANS Institutes Internet Storm Center advised network administrators to be on the lookout for Internet-borne attacks that target a vulnerability in a common component known as XML-RPC (Remote Procedure Call) for PHP.

The attacks, including a worm, target popular Web applications that run on Linux and Unix systems, by default.

XML-RPC is a communications protocol that allows software running on different platforms to exchange data over the Internet by issuing XML-format RPCs.

XML-RPC for PHP is a version of the protocol written in PHP and used by many Web applications.

Resource Library:

The ISC began receiving reports of attempts to exploit a known hole in some versions of XML-RPC for PHP late last month, followed by a spike in activity on Nov. 2, according to the ISC Web site.

By Nov. 5, ISC was receiving reports of a new variant of a Linux-based worm known as Lupper that was spreading on systems with vulnerable versions of XML-RPC for PHP.

To be vulnerable, PCs need to have XML-RPC for PHP installed, as well as a component that exposes it to the Internet, said Johannes Ullrich, chief technology officer at ISC.

At Boston College, in Chestnut Hill, Mass., administrators saw a large number of attempts to scan Apache or Microsoft Corp. IIS (Internet Information Services) Web servers for the vulnerable component late last week, said David Escalante, BCs director of computer security.

The attacks on BCs network targeted mostly Unix systems, though a Windows 2000 server was also scanned by an intruder who seemed to be in Germany, Escalante said.

The attacks challenged BC staff. XML-RPC for PHP is a standard component that is installed with a large number of Web applications, so server administrators often didnt know whether their server was running the vulnerable component.

For advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

"People who say [security] is just a Microsoft problem need to get their heads out of the sand. Vulnerabilities exist on many operating systems, and, as Microsoft does a better job with security, [malicious hackers] are going to look elsewhere," said Graham Cluley, senior technology consultant at anti-virus company Sophos plc., of Abingdon, England.

Check out eWEEK.coms for the latest open-source news, reviews and analysis.



  Reader Comments: XML-RPC Threatens Linux, Unix Systems
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Linux & Open Source Articles          >>> More By Paul F. Roberts
 


x}r㶲s\@♵M=RJd[klҌ3SDHbL\$e[Y?_v8x -ٞdĶDFh4I"n\:ܢd9|AL=Ta@]2dԵ;s6!7LP_Fܨ`&`1Zm8lRl #: rWü'~h='@IR(h] ( G;i}ǎH;WN83p{f_ʞMbBq<5F7;z~;J 18`TK]K_ëؓ[vkx!Dy!rs#gKݻ`$nPr&N7w#205b )V,#&3Ãбwx 9%Rը>3-@GL: nK>1P:x =3~dȢӸב/*! lV=Rچg?LI$lǦ"uml_j| sqHf*Z"'l,R ?q7tJaH9vL=:CY֍aFY.o@YwGZ*մ*rM)֎Ei΃oĩq#gݨ޾}kB)(U:Gu7Z}nm)y] Z sruO}qN6n9 :NַRߘ 0QT&*rp4K2 t4b= uz+P%opKX+hvd(-bv=ӧ0Cƌ_8RCf9-Ҿoo:6OΏo:Sdo̲5JEӀ Zvf#?ޛ#WۗkU{#j윴{ GlH  Wh6 N/=?_CǙEXCyCa#U~Ff=ni?_tNHN‰,-yt7Q[,r$B&rF~DX*V Q3oF5 tA%4ȌSHzPv@Sl VYKS703K_s;nZK}0[=RFp\ ДaCXذ 1"%̛ hJ@M XR $}ВEtBAxi>]R${3BDȽ`g/3 BD4?CzC7=aLT4f4pϑWM,Dwެu*մ޹-~ӢKsIiH{v87}45 @ Ln0i\+Gݺ~LnXŞ+ Q߭Fm|@T؎(??6 { G`p&{xky05ҡ4}a qjQ?]*3<9@]q2>7}hjiC1QB]jC8dN˵K (G))(/H.B$(ZȻB!Alq [$pXxl+_FZzGBjK%6Os@PG҅3qjX*τbZ z)0ٜʬ$5MGѺń(VFNl(0Vf)RبQm7EHj*|:IoB{<6G&,aCtH{<7-4a [X' -LF3pEql0A ` Sn6[М6,hJ"+H5L6LhH,io<` I<9a* ,qFw! 3Ͱ&q8+owzjr=ʇSMrB9)wdm˴)T۪v39n(!+hWY 2cdRUyrt+[f4ݤ|r%eRr=&"ǰ@7>`(^HIRЙj!@9zէl)>?ΖM%֊eS'/ 7R@]֥PK M2L A-ژ WZD"JMP0 kezdxE6*&CŸZ҆TF 9m |TM.R?jISJUF=n3 $#о'hʰeh8`Zzq8JD5xXPr'RB SK@gZ``ELs ǖYCǖbTیch@,.&I:dzt4}ڣnssQ*J73 RgHR-ʪZJV{}|s??2~2Ejw8pc}ywϷl40zpI -w~L}6݁ r/,|pqZEL[vO`cQ av5 1;?WkJB2By^Yhw\rR" Qp`գ)u7ufv9A#]#@$2]r`3s;M?bL%Jt( yB\U4UeGԻ3ubH:G:0=,()yന^wiYϕSWLjH@Aܚ:{>z,MHT0?z0f&Ш)lTgm/RU *~m;:,]hD1(dyD4@/q8bk lBk}pq@b#RaCݜ5m"uy@VIJXhQ{_6MOOVm(}nq&mno^{9t[̍<9yn2%8z.0JL;/%9 $ہ3Bnbۤs:n&2006^#2!9 =!OR-4SK86=R.R\HG].k|Y{h֏'*)/TʜYEo(QU-q'F.,%9bvvLʪH'٭PS82V6J\)aoA~fZT(0(G܉?^nVɍڽv?fIzG|)AU$UHU(V $}U;*h7xџ6XD+(++i-^2yamD9[ 4wʨKV-,sK"hʌg _|r[rn)tyĆ5Qh#e[,hF["$;V9Kysֹ_xt/7(\$1~Zy0NԼ]$'d0 srnބ'7b7 `[&IEyD=Sk!F;f!mC@ }޴7Y0pz)vB p&qXq!slP6vy8eV쭩  1 kNG:HvZgp6" BB 0FD_TJi)W4f'uSxjto) 5E_g%'k; u\-[N7s+tYD_q+ sz4~& \3Z9n|$݋B2Nlp j_tz`ESrF4/ Í7F "HtSݏC25 &r֚SE[@iLӖ'>fax!w-08D@ISL&M([I;`dea#ݒ:p<5GK:)!OOp|Nh'I^VR6T$4%!44QLNbC]A+Cg һn^mOp6<1ޥ]ƙWxvIl綱yx4*k85(~yNH>ޡ)-&'XuT䵤 g[UHN~DC.6OY-`0!9ϫ|1{~T*۾l3{tQH4S `/# eީӊN|u{ѺB y$smCgLرD}4%/5g3 \:`A)cn ~] js78{JnMu?y{do&<)sǣAlޜu9obJwfimԕeL0#ݥoV8i?{iNiimUzyZ J}~l/t6D(jy[a{wCW_U $]d%FtZx@2M#}ӾJfzӼ2hAxn>7 <}tG7bRJ?+~OGLw.z@%R6{Zg%QJ=,qM@jҒ%E,qQ#{ GXHڃ}AuUL&mquOxӨO;xor:GBf#AVާA3,0eROWnTGXbi6 s: %vl #!փє\b.&uO-}2a~A/FBT~UYd &,x Vt/5;[v{UA}:3m-c$r/u챧c0rZ 5@)e&G.0c9ҜS~U|Șak/>Zok@3}a9X*_{FzܚH^_V rMLFɻu}6 G{ _r喼丩Lx,'Kf5sN H)9@1`˺E``]{gX,&F\d+J=Z)Z?A>׈7^Nt b7=ކďk>R # ZQlrw>u zXVݤSAlz)1T!a:=͜wɎK`IaBNG^ stHĽt]rHukRFG:5 oSKiR,` ~z>7~ȓ'}9?ś'aq6"l _#8!R)rHW'j!&.{c&$U a^KXBlQГL;Rw!}[`I.RVo0HZM),֏s@'&fDtU%ԝiعyM6~z=g}mQݟJ4nKV.UK v"Bf:`5X4\k3g ,?o?SoHEsHl)Kxk+CH_&!9C3*m~txo~o~o~o~o~ѝJ+F+^,x1;_rƘk9gT!@B `wyC`_[}ߣnoƶo~~t0vHQ ϔ\Nt^{νt7&=cqtCu~,RT'Qu3UOW{*ڮӜ)),h ׅEmqN:p$N_ok)I "mֈˡ8pR_oh87KR@v1 ;{EkQ ,h;ȖTDI@"^MH )");k/[u}vĮխ` TOLoi]E:K!pų mƖ/~i[$=17t<𥏦|%v P@9$ G)fxa:_X3Jvc0[Mx?8\co+eqX]fTJZ oɑ{v.KX_yĥfW`nrW?+j/jA =y2 14^/DnMl߼3d!۩)LTm Zߦ̎m_mױև)xQW~tׅdhkkٵgyΜ{lmV)<2k>K?2}6N0W/%4CX!!ZJD:`ѿ\D27J7Lh`p7*DBXWȓwa+ǠK|O 8iQr|j~UWK /<]rQ}=nq:w0|aӲ'It'ݴŵX,hELVHm0w Dxu~@J^݃~OtS`G^;P`܀*ZWqi4sx_``UqĴ}! I7!7}bþŝM̟:"3L eppfSxGl vf0qQCpob䭽ud??ߋn"?3 J?I5?4OXo0d\(ިCx8n }KCP-#@;U=fW|'B9FZYZsʉmO%yx-UEW#܇䏥B7X)ˀW$e &:BaD0‡>q{â{#cY~/ԋnB#j\В0-8ؕĠAIB4ޱĸW\n"9I”XW׼-R-!7GE9DNE07TXC0KSpĻ(ĒAGǤPFpxAҲf0kgrS,Y4ZK7c.%ZE%|Z iE]J1x}[?L̀+5fLN:P;lNz yԥ:BMDEײTBhrF'Z|Y.w>wϾ)fF<{e H'ܺzB9IfXjRGZA)r PcƷ/ođժTjQɊ 6#ÉF[; } Rrt&7\9P[h8gOw_ 6a^zGZq!IG^N>xAfaX4"&s'?7x\vD _K_!0 V8 sF@Yj$O5GԍR8DW# `x P(,Af͢M rվ]M=<2?&­!~RBtSos#s ޙ8LS,0 :Lma`t.t>gQPOnΆ 33f;. l9 :W@ g>򽉡0us-sSRC´vxX->=& .ycI ^yN4X+lL hcp?ݩ9e/( @Ka1c~PoVR$4 >(>gٕa)XUKʗFy |BX*iBR. ?$-G쌆dSA:>1}71h^__|"$76}8t9n_to@p4>Nw[NןN;WU31F;m^kLideANmf)L=\h% E*wDU Gcqy^ L:ۋgQ_dG(Uѿ@۬r o3ڿ\'I73y S*Rq/2苬rXB]fנtp]"&JR˯-cENikr(%s<2g)h{d3-FDkaƾ % ]#=D~(Ksҗ2Fs?`r4YQ =PW.v8)s+s%>| SG0I=M\ڎvڝGfmePcvdmoCdyR$ٟ`Y)W͸QPg냛n=: 훫yf^`,}Uq< 9s u8y$X HL{HNR?j =CjhN_iR'm`'ߛv1Y&ƎIΝrQӊj~JR}' aFAdQ]FTMVYI0ZỸ~,g^9Q(Fuoo*F0nhy=q'a1V1;B&\Cxߏ щwDF]W2fdy3KIB?%R!:7)5@18La5X$P*`)K֞:^χ$ r*gLߟcycU 4V{[d75 桭u¿.-HЙ ? 3NBql 466{Dݴ)9ON鮠WKM&Dr&߲jOG U*AlZ`Sݶ٥1(vE&lybmbbrѱtt['$}'r1{}<# Ⱦ(ty52 ֮hxxc "n+QVWD񇻀Y%4FȊlM Hǀ$aƵTwEVm&ĴG[E=M,gr2OFd}#Oaq1<>y9u9W_˱vahA_*}O nl8cXRݸ3EK~_ N?V7{%B+/ 8>eHC[g2T~{F=*P=gZRO:] n"4Yz'IoF}k_V`ńKأ|4#ev\JT~7(HxҍHqp/>~ElC~&OG ϻ9eKB$uЧs"Ttr!,MNM[G#r1cbV!qdF7-["@ e`F҄AI,T6y *>ݠK6A1^<&;zއ7K#u`g~" V[CA6p8_n90kn>ʷQ$L{ˍt/AKl2qWԷ @FC0!ZY}KE%&(Xp\gA6Ιim9;>Ba2\XGx k͜'ԋOg0xeӵhOXmw0w>L5/#]Z&S`H؂{!gҮ\)VbpC{f:ePeXl'a׀o^zeXٻfw?Έ]Pnãō'XxЭ;[+ qy6`;Щ0 Oٝ{:p3zm6r)^FE]EtA<;=#!q]E>*;A4X3' c/φŀps䞲{~kC'>f kwx:Y:}#s!?!Lnl^:?ʂo/ QF$V/(ylHbK9a,'lu K%br]Mz3 cJ\gۂ~Gk2G S<"Y4.'`)O#xje 3 .^s {ej xٚջHQ#z.fi׃!gn耵]~=&Sǂ!y0Ǖ2D1Le5rŤ3a=U`0MڌkASsLeUTtCBYEL`;X+NJ^9=O9N*D#la, :r3 EV z.3R/4yq{Ϣaʩȩ(vU_|JѬd;ρ/($ʓ}E. xqea #V\r*`wʝX{yB(OW}yٹtC*GUN'ώί}B=FBl4*ŷypMI{CKh,-(ZM $V,"ӳo ~c Whc<y &FϦkuU+kD;ydM^l+(FҢΰ \2LjJZ>۽wߺ"f/On6%c|NKIk^})M39Q/kEsk&|idLp -ͱ=RZ`'l/Z6?O,