On Mon, Jun 05, 2006 at 09:26:55PM +0200, Yves Jean Marie Lambert wrote:
> Package: security.debian.org
> Severity: critical
> Tags: security
> Justification: root security hole
>
> "Enlarge your d1ck" spammers are using a security hole in debian :
Which security hole?
> all zombified systems I have tested are running apache 2.054/debian PHP
> 4.3.10.16
> the payload of the trojan began about on May the 23rd - I could manage and
> fill information about that at that date, I'm sorry not to have done that
> before.
> see
All you've shown (told us) is that you have some compromised machines
running PHP, Apache + Debian. That is nowhere near enough to help
resolve this and see if it is a Debian security issue or not.

I'm tempted to just write it off as a security hole in a non-Debian
PHP application, but more investigation would rule that out (or not).

If you believe this is a Debian issue please:

1. Tell us which version(s) of Debian are involved.
2. Show which packages are installed.
3. List any non-Debian locally installed PHP applications.
4. Show us detailed HTTP logs that correspond to the attacks.

I hope that isn't too harsh, but you've given us too little information to
investigate even casually.

Steve

