[luau] Apache exploit circulating, users urged to patch

Dustin Cross dusty at sandust.com
Fri Jun 21 12:53:01 PDT 2002 

Too bad there aren't any updated/patched binaries for Apache on 64-bit
Unix.  I have looked everywhere for my SuSE Sparc64 system.  Guess I have
to compile it.  Is there anything i need to know about compiling apache and
getting mod_ssl and mod_php to work?

Dusty


> Patching this is important on any system, but remember that on 32 bit
> UNIX systems, it's only a DoS attack.  So if you have your apache
> limits  tuned down like I do, limited damage should be possible (I only
> allow  like 5 children on my server...).  However, if you're on Win32
> or a 64  bit UNIX platform (UltraSparc, IA-64, x86-64, Alpha, etc) make
> sure you  patch IMMEDIATELY as there is the possibility of running
> arbitrary code  as the user apache is running as.  This alone is good
> enough to get a  worm going, and the worm will DoS 32bit systems as it
> attempts to spread.
>
> --MonMotha
>
> Warren Togami wrote:
>> Patch your Apache, and please spread the word to everyone you know
>> that is running Apache.  This applies to home systems too, even if you
>> think your system is "not important".
>>
>> Red Hat Apache update
>> http://linuxtoday.com/news_story.php3?ltsn=2002-06-20-010-26-SC-RH-SV
>> Mandrake Apache update
>> http://linuxtoday.com/news_story.php3?ltsn=2002-06-21-010-26-SC-MD-SV
>> Debian Apache update
>> http://linuxtoday.com/news_story.php3?ltsn=2002-06-21-009-26-SC-DB-SV
>> Trustix Apache update
>> http://linuxtoday.com/news_story.php3?ltsn=2002-06-20-016-26-SC-SV SOT
>> Linux Apache update
>> http://linuxtoday.com/news_story.php3?ltsn=2002-06-20-015-26-SC-SV-SW
>> SuSE Apache update
>> http://linuxtoday.com/news_story.php3?ltsn=2002-06-19-023-26-SC-SV-SS
>>
>> http://www.idg.net/ic_877484_1794_9-10000.html
>> Apache exploit circulating, users urged to patch
>>
>> If users have put off patching their Apache Web servers against the
>> vulnerability discovered Monday, they should wait no longer, as an
>> exploit to attack the security hole is now circulating on the
>> Internet, according to Oliver Friedrichs, director of engineering at
>> SecurityFocus Inc.
>>
>> The exploit -- a tool which makes attacking a vulnerability easier --
>> was posted to the Bugtraq security email list on Wednesday, Friedrichs
>> said.
>>
>> The existence of an exploit "makes the possibility of a worm that
>> targets these (systems) more likely," he said.
>> (continued in article)
>>
>> _______________________________________________
>> LUAU mailing list
>> LUAU at videl.ics.hawaii.edu
>> http://videl.ics.hawaii.edu/mailman/listinfo/luau
>>
>
>
> _______________________________________________
> LUAU mailing list
> LUAU at videl.ics.hawaii.edu
> http://videl.ics.hawaii.edu/mailman/listinfo/luau

More information about the LUAU mailing list