Re: Apache worm in the wild

From: Brett Glass (brettat_private)
Date: Fri Jun 28 2002 - 10:27:13 PDT

Next message: DownBload: "SSI & CSS execution in E-Guest (1.1) & ZAP Book (v1.0.3)"

Previous message: David Conrad: "Re: Remote buffer overflow in resolver code of libc"
In reply to: flynnat_private: "Re: Apache worm in the wild"
Next in thread: Mihai (Cop) Moldovanu: "Re: Apache worm in the wild"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

At 05:38 AM 6/28/2002, flynnat_private wrote:

>I wonder how many variants of this kind of thing we'll see, but I assume most people 
>running Apache have upgraded already.

Upgrading Apache may prevent your system from being taken over,
but it doesn't necessarily prevent it from being DoSed. One of
my Apache servers, which had been upgraded to 2.0.39, went berserk 
on June 25th, spawning the maximum number of child processes and
then locking up. The server did not appear to have been infiltrated,
but the logs were filled with megabytes of messages indicating that
the child processes were repeatedly trying to free chunks of memory 
that were already free. Probably the result of an attempted exploit
going awry. (It could have been aimed at Linux, or at a different
version of Apache; can't tell. But clearly it got somewhere, though
not all the way.)

--Brett

Next message: DownBload: "SSI & CSS execution in E-Guest (1.1) & ZAP Book (v1.0.3)"
Previous message: David Conrad: "Re: Remote buffer overflow in resolver code of libc"
In reply to: flynnat_private: "Re: Apache worm in the wild"
Next in thread: Mihai (Cop) Moldovanu: "Re: Apache worm in the wild"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jun 28 2002 - 21:51:16 PDT