Originally posted by papi
The vulnerability in xmlrpc and the dozens of different scripts that use it allows REMOTE PHP EXECUTION ie. anyone can execute php commands from remote incl. script kiddies which no doubt will root thousands of boxes thanks to this one.
YOUR customers can also execute php, do you trust any customer?
Security is more than keeping your customer's scripts up-to-date..
Anyway, there are 2 exploits:
1) XMLRPC for PEAR
2) XMLRPC for PHP
1) Run the following commands:
pear upgrade XML_RPC
If it's updated, your version should be 1.3.1:
root@mcrox [/]# pear list | grep RPC
XML_RPC 1.3.1 stable
2) Upgrade your PHP to version 4.4.0RC2 OR disable XMLRPC by recompiling php without it.
Please note that XMLRPC is needed for Horde and many other customer's scripts, so choose..
You could also add the following rule to mod_security:
like what darksoul suggested, but it wont stop 100% of the exploits..
A better one is: