[ISN] Kremlin Site Vulnerable to Attack

From: InfoSec News (isnat_private)
Date: Mon Jun 24 2002 - 02:37:58 PDT

    http://www.wired.com/news/technology/0,1282,53412,00.html
    
    By Brian McWilliams 
    11:28 a.m. June 21, 2002 PDT 
    
    Potentially millions of websites -- including the new, reportedly
    invincible home page of Russian President Vladimir Putin -- may become
    easy prey for hackers if their administrators don't promptly upgrade
    their software.
    
    The new Kremlin site, launched Thursday, underwent three months of
    testing to ensure it is "almost hacker-proof," according to a Reuters
    story published Friday. The report said almost 100 hackers attempted
    to break into Putin's site in its first 24 hours of operation.
    
    But independent tests of the Russian president's website revealed
    Friday that it was running an outdated version of the popular Apache
    Web server that could be vulnerable to a recently discovered security
    bug.
    
    Data provided by research firm Netcraft showed that Putin's site was
    using the Red-Hat Linux operating system with Apache version 1.3.20.  
    Netcraft's data was corroborated by a security scanner from eEye
    Digital Security, which examines a Web server's "banner" to determine
    if it is vulnerable to the Apache flaw, according to chief hacking
    officer Marc Maiffret.
    
    On Monday, the U.S. government-funded Computer Emergency Response Team
    warned that a security flaw in Apache versions 1.2.2 through 1.3.24
    could allow remote attackers to execute malicious programs on
    vulnerable servers. The Apache Software Foundation has advised
    administrators to upgrade immediately to the latest version of the Web
    server software that is not prone to the "chunked-encoding" bug.
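    The banner-based check described above, as an added example rather than the eEye scanner's or Netcraft's own code: it parses the Apache version out of a Server header and tests it against the 1.2.2 through 1.3.24 range quoted from the CERT warning. The host names and banners in the sample inventory are constructed for the example.

```python
import re
from typing import List, Optional, Tuple

# Affected range as quoted from the CERT warning: Apache 1.2.2 through 1.3.24.
FIRST_AFFECTED = (1, 2, 2)
LAST_AFFECTED = (1, 3, 24)

BANNER_RE = re.compile(r"Apache/(\d+)\.(\d+)\.(\d+)")


def parse_apache_version(server_header: str) -> Optional[Tuple[int, ...]]:
    """Extract (major, minor, patch) from a banner such as
    'Apache/1.3.20 (Unix) (Red-Hat/Linux)'. Returns None when the banner
    carries no version, e.g. a bare 'Apache' or a non-Apache server."""
    m = BANNER_RE.search(server_header)
    if not m:
        return None
    return tuple(int(g) for g in m.groups())


def banner_indicates_chunked_bug(server_header: str) -> Optional[bool]:
    """True if the advertised 1.x version lies inside the quoted range,
    False if it lies outside it, None if the banner is inconclusive.
    A banner check is a heuristic only: the version string can be hidden
    or altered, and a vendor may patch without bumping it, so a True here
    is a prompt to verify the installed build, not proof of exposure."""
    v = parse_apache_version(server_header)
    if v is None or v[0] != 1:  # the quoted range covers only the 1.x tree
        return None
    return FIRST_AFFECTED <= v <= LAST_AFFECTED


def triage(inventory: List[Tuple[str, str]]) -> dict:
    """Sort (host, Server header) pairs into affected / unaffected / inconclusive."""
    result = {"affected": [], "unaffected": [], "inconclusive": []}
    for host, banner in inventory:
        verdict = banner_indicates_chunked_bug(banner)
        key = "inconclusive" if verdict is None else ("affected" if verdict else "unaffected")
        result[key].append(host)
    return result


# Constructed sample inventory, not data taken from the article.
SAMPLE_INVENTORY = [
    ("www-a.example", "Apache/1.3.20 (Unix)  (Red-Hat/Linux)"),  # inside the range
    ("www-b.example", "Apache/1.3.26 (Unix)"),                    # past the range
    ("www-c.example", "Apache"),                                  # version hidden
    ("www-d.example", "Microsoft-IIS/5.0"),                       # not Apache
]

if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```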
    
    In use on more than 10 million active websites, Apache is the most
    popular Web server used on the Internet, with over 60 percent market
    share, according to Netcraft. The program runs on several Unix-based
    operating systems as well as on Microsoft's Windows.
    
    The security of some Apache sites was especially threatened Wednesday
    when a research group called Gobbles Security released a tool designed
    to allow attackers to take control of unpatched Apache installations
    running on the OpenBSD operating system.
    
    A Gobbles representative told Wired News Friday that the group intends
    to publish a new version of the program that additionally exploits the
    Apache flaw on unpatched FreeBSD and NetBSD machines "with a 100
    percent success rate." Gobbles said it also has developed, but not
    publicly released, exploits for the Sun Solaris and Linux operating
    systems.
    
    Officials at Ayaxi, the Moscow firm that developed Putin's site, were
    not immediately available.
    
    According to Netcraft, more than a dozen websites operated by the
    Russian Federation were also running unpatched versions of Apache.  
    Representatives of the Russian Government Internet Network did not
    immediately respond to requests for information.
    
    Following the release of Gobbles' "Apache-Scalp" program,
    SecurityFocus.com raised its "ThreatCon Rating" to Level 3, the first
    time the security information firm has issued such a warning since the
    Nimda worm hit the Internet last September.
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Jun 24 2002 - 05:27:42 PDT