Re: apache problem

From: Bob Johnson (stest032at_private)
Date: Tue Oct 15 2002 - 16:10:31 PDT

Next message: Homer Wilson Smith: "Re: apache problem"

Previous message: Ron Trenka: "Re: Source of Windows PopUp SPAM"
In reply to: cory: "Re: apache problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tuesday 15 October 2002 09:53 am, cory appears to have written:
> This is a DoS from the chunk encoding exploits produced earlier this
> year.
>
> http://httpd.apache.org/info/security_bulletin_20020617.txt
>

Except that bulletin is obsolete.  Read this one instead:

http://httpd.apache.org/info/security_bulletin_20020620.txt

It is exploitable on 32-bit platforms.  

- Bob

> cheers,
> loon
>
> Andre Guimaraes wrote:
> >Hi all,
> >
> >I have one webserver dedicated for a client communication running
> > apache 1.3.22-6 on linux red hat 7.3 and almost unused. Today the
> > machine had no memory or swap left (1 gig memory,512 meg swap).
> > Analyzing the error logs I found this:
> >
> >Lots of in /var/log/messages:
> >Oct 12 20:31:24 web01 kernel: Out of Memory: Killed process 1023
> > (httpd). Oct 12 20:31:52 web01 kernel: Out of Memory: Killed
> > process 1016 (httpd). Oct 12 20:32:22 web01 kernel: Out of Memory:
> > Killed process 1020 (httpd). Oct 12 20:34:04 web01 kernel: Out of
> > Memory: Killed process 1026 (httpd). Oct 12 20:34:53 web01 kernel:
> > Out of Memory: Killed process 1025 (httpd). Oct 12 20:35:55 web01
> > kernel: Out of Memory: Killed process 1031 (httpd).
> >
> >Lots of this in error log:
> >[Sat Oct 12 20:41:44 2002] [error] child process 1227 still did not
> > exit, sending a SIGKILL
> >[Sat Oct 12 20:41:44 2002] [error] child process 1228 still did not
> > exit, sending a SIGKILL
> >[Sat Oct 12 20:41:46 2002] [error] could not make child process 1072
> > exit, attempting to continue anyway
> >[Sat Oct 12 20:41:46 2002] [error] could not make child process 1080
> > exit, attempting to continue anyway
> >
> >Few minutes before in error log:
> >[Sat Oct 12 20:16:19 2002] [error] [client 217.223.216.186] client
> > sent HTTP/1.1 request without hostname (see RFC2616 section 14.23):
> > /
> >
> >[Sat Oct 12 20:21:09 2002] [error] [client 207.99.78.36] request
> > failed: erroneous characters after protocol string: CONNECT
> > maila.microsoft.com:25 / HTTP/1.0
> >
> >This connect maila looks like someone trying to find some kind of
> > proxy. What about the empty hostname? I cant figure out why that
> > happened.
> >
> >Thanks



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Homer Wilson Smith: "Re: apache problem"
Previous message: Ron Trenka: "Re: Source of Windows PopUp SPAM"
In reply to: cory: "Re: apache problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Oct 16 2002 - 16:04:45 PDT