Nov 09

Hmm! Today I noticed in my webserver logs that I got an increase in the XML_RPC_PHP Remote Execution vulnerability. After a little search (yes, of course little, it's my job to know this and where to look, in this case on dshield.org), I found out that dshield.org reported a new worm that is making use of vulnerabilities within XML_RPC (PEAR and PHP extension).

What does that have to do with me? Why do you write about it? Well, basically, if my webserver gets hit by this and dshield puts out an alert, then guess what: you will be affected as well. You are vulnerable if you have a version of XML_RPC which is not up to date yet.

Dshield reports the following (http://isc.sans.org/diary.php?storyid=829):

19518 - phpAdsNew / phpPgAds < 2.0.6 Multiple Vulnerabilities
18600 - Serendipity XML-RPC for PHP Remote Code Injection Vulnerability
18601 - WordPress < 1.5.1.2 Multiple Vulnerabilities
18640 - Drupal XML-RPC for PHP Remote Code Injection Vulnerability
16189 - AWStats configdir parameter arbitrary cmd exec

These are being slammed in the wild. As you can see, these are all popular applications used on the world wide internet. To see what you can do about it, please read the VuXML pages of FreeBSD. They have a very well documented item about it and also give references to the solution, the actual problem and such. You can find it here: http://www.vuxml.org/freebsd/e65ad1bf-0d8b-11da-90d0-00304823c0d3.html

So do everybody a favor and patch yourself for this. Thanks!
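To check your own webserver logs for the same kind of increase, here is an added example (not part of the original post) that counts, per day and per source address, POST requests to an XML-RPC endpoint and requests that pass a `configdir` parameter to AWStats. It assumes the Apache "combined" log format and the script names `xmlrpc.php` and `awstats.pl`; the sample log lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Combined log format: ip - - [day/Mon/year:time zone] "METHOD target PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:]+):[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

def classify(method, target):
    """Return a probe label for a request, or None if it is not of interest."""
    parts = urlsplit(target)
    path = parts.path.lower()
    # Assumption: the XML-RPC endpoint is a script named xmlrpc.php, as shipped
    # by WordPress, Drupal and Serendipity; adjust for other applications.
    if method == "POST" and path.endswith("/xmlrpc.php"):
        return "xmlrpc-post"
    # AWStats: flag any request that supplies a configdir parameter at all.
    query = parse_qs(parts.query, keep_blank_values=True)
    if path.endswith("/awstats.pl") and "configdir" in query:
        return "awstats-configdir"
    return None

def summarize(lines):
    """Count flagged requests per (day, label) and per source IP."""
    per_day, per_ip = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        label = classify(m["method"], m["target"])
        if label:
            per_day[(m["day"], label)] += 1
            per_ip[m["ip"]] += 1
    return per_day, per_ip

# Constructed sample lines (documentation IP ranges, placeholder parameter value).
SAMPLE = [
    '192.0.2.10 - - [08/Nov/2005:23:10:01 +0100] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [09/Nov/2005:03:14:15 +0100] "POST /xmlrpc.php HTTP/1.0" 404 210 "-" "-"',
    '198.51.100.7 - - [09/Nov/2005:03:14:16 +0100] "POST /blog/xmlrpc.php HTTP/1.0" 404 215 "-" "-"',
    '203.0.113.44 - - [09/Nov/2005:04:02:50 +0100] "GET /cgi-bin/awstats.pl?configdir=PLACEHOLDER HTTP/1.0" 404 220 "-" "-"',
    '192.0.2.10 - - [09/Nov/2005:09:00:00 +0100] "GET /cgi-bin/awstats.pl?config=example.org HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    per_day, per_ip = summarize(SAMPLE)
    print(sorted(per_day.items()))
    print(per_ip.most_common())
```

A 404 on these requests means the script is not installed at that path; a 200 on a host that does run one of the listed applications is the case to check against the patched version.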
 


written by Remko