There is huge publicity about the Mare.D Linux worm and Mambo on the internet at present. It is not clear how this story started. The only security company to have recorded anything is F-Secure and nobody has been able to contact them for additional information.

This was picked up in a VNUNET story that has been repeatedly copied, more or less verbatim. There is talk of the Mare.D worm and vulnerabilities in XML-RPC and Mambo. But the references to Secunia advisories on these two products are to items dated 29 June 2005 and 21 February 2005 respectively. Both products have been updated since then. Mare.D is also described as having aliases such as such as Linux.Plupii.C, Unix/ShellBot.C which are old worms.

So it is not clear that anything new has happened at all. Maybe this is a hoax, for whatever reason, maybe somebody doesn't know the difference between 2005 and 2006. Please spread this information wherever you can.

You are strongly advised to keep up with security advice from the Mambo team - join the mailing list if you want to be notified of any security news.

NOTE - for a good write up of this, click here

Only registered users can write comments.
Please login or register.

Powered by AkoComment 2.0! ������Mambo�й�