Re: New worm segfaults apache

From: hanz@inter-tel.net
Date: Tue Sep 18 2001 - 17:15:02 PDT

Next message: Arnold, Jamie: "RE: Explorer Dr. Watsons"

Previous message: William Holmberg: "RE: McAffee and Removal for W32/Nimda@MM?"
In reply to: Chip McClure: "Re: New worm segfaults apache"
Next in thread: robhat_private: "RE: New worm segfaults apache"
Next in thread: Chris Hardie: "Re: New worm segfaults apache"
Reply: robhat_private: "RE: New worm segfaults apache"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Apache 1.3.20, freebsd 4-2 release no segfaults either..no problems and
lots of requests. about one probe every 2 mins or so..

-H

----- Original Message -----
From: "Chip McClure" <vhm3at_private>
To: "bugtraq" <bugtraqat_private>
Cc: <incidentsat_private>
Sent: Tuesday, September 18, 2001 2:46 PM
Subject: Re: New worm segfaults apache


: -----BEGIN PGP SIGNED MESSAGE-----
: Hash: SHA1
:
: Which version of apache, and what OS are you running?
:
: Running Apache 2.0.16, FreeBSD 4.3 - never had a segfault - and a ton
of
: probes against it.
:
: - ----
: Chip McClure
: Sr Unix Administrator
: GigGuardian, Inc.
:
: http://www.gigguardian.com/
: - ----
:
: On Tue, 18 Sep 2001, bugtraq wrote:
:
: > Hello,
: >
: >
: > Over 15 times my apache has segfaulted whenever I get scanned by
this worm.
: >
: > Sep 18 13:30:15 cgisecurity /kernel: pid 35290 (httpd), uid 1003:
exited on signal 11
: > Sep 18 13:38:03 cgisecurity /kernel: pid 35390 (httpd), uid 1003:
exited on signal 11
: > Sep 18 14:06:00 cgisecurity /kernel: pid 35391 (httpd), uid 1003:
exited on signal 11
: > Sep 18 14:20:51 cgisecurity /kernel: pid 35453 (httpd), uid 1003:
exited on signal 11
: > Sep 18 15:27:22 cgisecurity /kernel: pid 35740 (httpd), uid 1003:
exited on signal 11
: > ^C
: >
: > Any idea why apache is segfaulting? I have 250 megs of free ram
without proccess limits and
: > it segfaults. Also I tried every string and have been unable to
replicate it manually.
: >
: > - adminat_private
: >
: >
:
> ----------------------------------------------------------------------
------
: > This list is provided by the SecurityFocus ARIS analyzer service.
: > For more information on this free incident handling, management
: > and tracking system please see: http://aris.securityfocus.com
: >
: >
:
: -----BEGIN PGP SIGNATURE-----
: Version: PGP 6.5.8
: Comment: Made with pgp4pine 1.76
:
: iQA/AwUBO6fAm4xq/3tb9j7EEQLsTgCg4+kUpMA7ahooaUjEN0a54/4+moMAnjLg
: BCMdUGBiTsZO1naN1xrc4Pjc
: =i0xv
: -----END PGP SIGNATURE-----
:
:
:
: ----------------------------------------------------------------------
------
: This list is provided by the SecurityFocus ARIS analyzer service.
: For more information on this free incident handling, management
: and tracking system please see: http://aris.securityfocus.com
:
:


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Arnold, Jamie: "RE: Explorer Dr. Watsons"
Previous message: William Holmberg: "RE: McAffee and Removal for W32/Nimda@MM?"
In reply to: Chip McClure: "Re: New worm segfaults apache"
Next in thread: robhat_private: "RE: New worm segfaults apache"
Next in thread: Chris Hardie: "Re: New worm segfaults apache"
Reply: robhat_private: "RE: New worm segfaults apache"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 17:52:41 PDT