[conspire] "Lupper Worm" and the patching of bad software

[Ryan Russell]

Rick Moen wrote:
> Oh, by the way, I should stress, also, that none of those are remote
> root exploits:  A successful attack would, in itself, accomplish nothing
> more for the intruder than compromising the Web server, e.g., to deface
> it.  A broader compromise of the attacked host would require that the
> host also have separate, local vulnerabilities that permit escalation of
> privilege to the root (or equivalent) user's authority.

And it continues to spread while running as the non-privileged user, yes?

						Ryan