11-08-2005, 09:42 AM
Quote: We have received a few reports on an attack exploiting the xml-rpc for php vulnerability.
xml-rpc for php is used in a large number of popular web applications such as PostNuke, Drupal, b2evolution, Xoops, WordPress, PHPGroupWare and TikiWiki. When exploited, this could compromise a vulnerable system. Most of these packages should have the xml-rpc for php vulnerability fixed in the latest version. If you are still running an old version, you should get it updated immediately.
From the submitted logs, it attempts to wget a remote access Trojan from one system and uses the Trojan to try to connect to another site via port 8080.
Full article: http://isc.sans.org/diary.php?storyid=823
A full list of the scripts, operating systems and PHP versions that are at risk is available here:
http://www.securityfocus.com/bid/14088/info