[Gllug] Apache REMOTE ROOT exploit

Stephen Harker steve at pauken.co.uk
Mon Jun 24 10:23:09 UTC 2002


I sent this on Friday but it didn't get through??!!
Mandrake are still on 1.3.24. Hrumph.
Steve

----------  Forwarded Message  ----------

Subject: Re: [Gllug] Apache REMOTE ROOT exploit
Date: Fri, 21 Jun 2002 15:09:34 +0100
From: Stephen Harker <steve at pauken.co.uk>
To: gllug at linux.co.uk

On Friday 21 June 2002 10:37, Thom May wrote:
> As this hasn't been posted, and not everyone on here follows all the
> security lists (I guess) the hole found in Apache and Apache2 a few days
> ago has now been confirmed to be remotely exploitable to gain root under
> Linux (32bit _and_ 64bit platforms), OpenBSD, FreeBSD and Solaris (x86 +
> Sparc). It is strongly suggested that anyone running Apache should upgrade
> to 1.3.26/2.0.39 at the earliest possible time.
> Cheers,
> -Thom

Well, I'm fairly disgusted that Mandrake haven't posted an updated binary to
either their current 8.2 release or even cooker, which is still on 1.3.24.
This patch has been out for three days now. They are normally bang up-to-date
on this sort of thing. It is especially embarrassing after their recent
publicity on the increase in adoption of Mandrake Advanced Extranet Server.

http://www.mandrakesoft.com/company/press/pr?n=/pr/products/2236&wslang=en

Wondering what to do. Do I uninstall their packages and reinstall from source,
or just hope that no-one gets in until I get a patch? It's running as user
'apache' so at least that's something. The advisory says that the
vulnerability will get you as far as the user the child processes run as and
then I guess they can try and get root from there.

--
Stephen Harker
steve at pauken.co.uk

"The sooner we fall behind, the longer we have to catch up!"


-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
