It's a cpanel vulnerability, Apache is merely modified by the payload to help it spread. Seriously, giving a web server process root -- what the hell are those guys thinking?
That is why this thing is overhyped. Yes it's a problem but only on grossly msiconfigured servers. They might as well left the Root password as "password"
doesn't look so scary (Score:5, Insightful)
Only cpanel apaches vulnerable and modified httpd easily found by grep'ing a string?
*yawn*
Re: (Score:5, Insightful)
It's a cpanel vulnerability, Apache is merely modified by the payload to help it spread. Seriously, giving a web server process root -- what the hell are those guys thinking?
Re: (Score:4, Insightful)
Bingo.
That is why this thing is overhyped. Yes it's a problem but only on grossly msiconfigured servers. They might as well left the Root password as "password"
Re: (Score:2, Funny)
incorrect is much better choice, that way the system reminds you if you forget it
Re:doesn't look so scary (Score:1)
I use "Iforgot"