Hi guys,

Upgrading to the latest Apache should not be an option but should be mandatory. I just had time today to exploit my Apache 1.3.24.
So now, my 5 httpd eat up almost my whole CPU.

  PID USERNAME PRI NICE   SIZE    RES STATE  TIME   WCPU    CPU COMMAND
97450 root      61    0 49900K 13988K RUN    1:40 18.36% 18.36% httpd
97445 root      59    0 52588K 14756K RUN    1:41 18.12% 18.12% httpd
97448 root      59    0 51052K 14244K RUN    1:41 17.92% 17.92% httpd
97449 root      59    0 51948K 14740K RUN    1:41 17.77% 17.77% httpd
97474 root      58    0  9836K  4596K RUN    0:08 18.77% 15.67% httpd
97476 root      38    0  1904K   932K RUN    0:01  2.60%  1.86% top

Even if I stop-start it, it's still high. My httpd is compromised. :)

I will upgrade tonight to the latest, or what about this: nc -l -p 80, then have it run by tcpserver :) quite cool eh! And could act like a honeypot for web

later guys

----- Original Message -----
From: "Ian C. Sison" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Saturday, June 22, 2002 1:57 PM
Subject: [plug] Re: [ph-linux-newbie] APACHE EXPLOIT CIRCULATING, USERS URGED TO PATCH

>
> Unfortunately, the original apache announcement was inaccurate. They now
> have an update, which says:
>
> - 32bit systems are indeed just as vulnerable as 64bit systems.
> - an exploit is available in the wild!
>
> ==============================================
>
> This follow-up to our earlier advisory is to warn of known-exploitable
> conditions related to this vulnerability on both 64-bit platforms and
> 32-bit platforms alike. Though we previously reported that 32-bit
> platforms were not remotely exploitable, it has since been proven by
> Gobbles that certain conditions allowing exploitation do exist.
>
> Successful exploitation of this vulnerability can lead to the execution of
> arbitrary code on the server with the permissions of the web server child
> process. This can facilitate the further exploitation of vulnerabilities
> unrelated to Apache on the local system, potentially allowing the intruder
> root access.
>
> ==============================================
>
> So I guess the urgency to upgrade should be a priority after all.
>
> On 22 Jun 2002, Maxi M. Bernales, Jr. wrote:
>
> > Agree.
> >
> > The apache bug cannot compromise your system. What will happen to
> > you is a DoS.
> >
> > To avoid this, download the latest apache version because they released
> > a fix for this problem.
> >
> > Maxi
> >
> > On Fri, 2002-06-21 at 17:53, Ian C. Sison wrote:
> > >
> > > Wait, wait, wait. Just wait..
> > >
> > > Again, to avoid mass hysteria, please note that apache running on intel 32
> > > bit linux platforms (which will be around 99% of those in PLUG) is only
> > > vulnerable in the sense that the httpd binary will core dump, the result
> > > being that the system will need to re-spawn a new instance of httpd. The
> > > resultant tear down and bring up will result in a limited DoS on systems
> > > wherein apache's footprint is large (read: statically linked mod_perl or
> > > php).
> > >
> > > So for 99% of you, the worst possible scenario is a webserver trashing
> > > and going up and down, assuming someone actually runs a fairly good DoS
> > > program based on the exploit. No remote root here, so the urgency is not
> > > as high as it may seem to be.
> > >
> > > Ian
> > >
> > > On Fri, 21 Jun 2002, Miguel G. de Leon wrote:
> > >
> > > > FYI
> > > >
> > > > APACHE EXPLOIT CIRCULATING, USERS URGED TO PATCH
> > > > (Source: IDG.net) If users have put off patching their Apache Web
> > > > servers against the vulnerability discovered Monday, they should
> > > > wait no longer, as an exploit to attack the security hole is now
> > > > circulating on the Internet.
> > > > http://www.idg.net/go.cgi?id=702555
> > > >
> > > > miguel
> > > > _______________________________________________
> > > > ph-linux-newbie mailing list
> > > > http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
> > > > plug website http://plug.linux.org.ph
> > > > to unsubscribe, send 'unsubscribe' to [EMAIL PROTECTED]
> _
> Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
> To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
>
> To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
