Skip to main content

Mambo worm demonstrates hardening of Linux systems

Linux worm turns on Mambo and PHP” opines Iain Thomson. Oh, woe, disaster, shades of CodeRed!

Not.

While it’s nice for admins to have something to do and all, and it reminds us slackers (Linux admins) that nothing is completely bulletproof, I have to express significant disappointment at the shallowness of the challenge. Why?

  • Mare.D relies upon a brace of exploits which are six and twelve months old, respectively. Any reasonably modern Linux distribution will competently self-update if told to do so. Even on a lazy once-a-week update cycle, this worm is eleven and three quarters months too late.
  • It relies upon Mambo. Who runs Mambo? None of my machines, none of any of my clients’ machines. This sucker’s playing to a very small audience. Mambo has a new security announcement; maybe next year we’ll see another worm for it? (-:
  • Even if Mambo were broken into, the exploit would download into a partition mounted “noexec” on all of my servers. GAME OVER EXPLOITER <1> and better luck next time.
  • The downloaded shell script requires access to a particular application — which may or may not be installed on any given system — to pull down the main part of the exploit.
  • The vulnerability requires PHP’s register_globals setting to be enabled, but it has been defaulted to off for the last four years.
So, well, yes, it could be a nightmare, but then again all of the molecules of air in the room could simultaneously happen to bounce out the door at once, exploding your lungs from the sudden decompression and smashing whatever’s outside your office to kindling. Just don’t bet your last dollar on it ever happening.

Comments

Post a Comment

Popular posts from this blog

new life for an old (FTX) PSU, improved life for one human

the LEDs on this 5m strip happen to emit light centred on a red that does unexpectedly helpful things to (and surprisingly deeply within) a human routinely exposed to it. it has been soldered to a Molex connector, plugged into a TFX power supply from a (retired: the MoBo is cactus) Small Form Factor PC, the assorted PSU connectors (and loose end from the strip) have been taped over. the LED strip cost $10.24 including postage, the rest cost $0, the PSU is running at 12½% of capacity, consumes less power than a laptop plug-pack despite running a fan. trial runs begin today.
Post a Comment
Read more

every-application-is-part-of-a-toolkit at work

I have a LibreOffice Impress slideshow that I wish to turn into a narrated video. 1. export the slideshow as PNG images (if that is partially broken — as at now — at higher resolutions, Export Directly as PDF then use ‘pdftoppm’ (from the poppler-utils package) to do the same). 2. write a small C program (63 lines including comments) to display those images one at a time, writing a config file entry for Imagination (default transition: ‘cross fade’) based on when the image-viewer application (‘display,’ from the GraphicsMagick suite) is closed on each one; run that, read each image aloud, then close each image in turn. 3. run ‘Imagination’ over the config file to produce a silent MP4 video with the correct timings. 4. run ‘Audacity’ to record speech while using ‘SMPlayer’ to display the silent video, then export that recording as a WAV file. 4a. optionally, use ‘TiMIDIty’ to convert a non-copyright-encumbered MIDI tune to WAV, then import that and blend it with the speech (as a quiet b...
1 comment
Read more

boundaries

pushing the actual boundaries of the physical (not extremes, the boundaries themselves) can often remove barriers not otherwise perceived. one can then often resolve an issue itself, rather than merely stonewalling at the physical consequences of the issue.
Post a Comment
Read more