Re: [luau] Apache exploit circulating, users urged to patch

Fri, 21 Jun 2002 12:15:14 -1000

Patching this is important on any system, but remember that on 32 bit UNIX systems, it's only a DoS attack. So if you have your apache limits tuned down like I do, limited damage should be possible (I only allow like 5 children on my server...). However, if you're on Win32 or a 64 bit UNIX platform (UltraSparc, IA-64, x86-64, Alpha, etc) make sure you patch IMMEDIATELY as there is the possibility of running arbitrary code as the user apache is running as. This alone is good enough to get a worm going, and the worm will DoS 32bit systems as it attempts to spread. 

--MonMotha

Warren Togami wrote:

Patch your Apache, and please spread the word to everyone you know that
is running Apache.  This applies to home systems too, even if you think
your system is "not important".

Red Hat Apache update
http://linuxtoday.com/news_story.php3?ltsn=2002-06-20-010-26-SC-RH-SV
Mandrake Apache update
http://linuxtoday.com/news_story.php3?ltsn=2002-06-21-010-26-SC-MD-SV
Debian Apache update
http://linuxtoday.com/news_story.php3?ltsn=2002-06-21-009-26-SC-DB-SV
Trustix Apache update
http://linuxtoday.com/news_story.php3?ltsn=2002-06-20-016-26-SC-SV
SOT Linux Apache update
http://linuxtoday.com/news_story.php3?ltsn=2002-06-20-015-26-SC-SV-SW
SuSE Apache update
http://linuxtoday.com/news_story.php3?ltsn=2002-06-19-023-26-SC-SV-SS

http://www.idg.net/ic_877484_1794_9-10000.html
Apache exploit circulating, users urged to patch

If users have put off patching their Apache Web servers against the
vulnerability discovered Monday, they should wait no longer, as an
exploit to attack the security hole is now circulating on the Internet,
according to Oliver Friedrichs, director of engineering at SecurityFocus
Inc.

The exploit -- a tool which makes attacking a vulnerability easier --
was posted to the Bugtraq security email list on Wednesday, Friedrichs
said.

The existence of an exploit "makes the possibility of a worm that
targets these (systems) more likely," he said.
(continued in article)

_______________________________________________
LUAU mailing list
[EMAIL PROTECTED]
http://videl.ics.hawaii.edu/mailman/listinfo/luau

Reply via email to