Re: Apache Worm?

From: Steve Bremer (stevebat_private)
Date: Wed Jun 19 2002 - 06:22:28 PDT

    > what would be the likelihood a cracker could turn this into an
    > internet worm, and what would the possible destruction be?  I'm aware
    > still over 50% of the webservers are running apache, but the different
    > distros might cause somewhat of a problem. would it not? ~ack --
    
    
    From what I've read about the vulnerability, the worst that could 
    happen on a 32-bit *nix platform is a DoS attack.  I don't have any 
    statistics to back it up, but I would bet that most Apache installations 
    are on 32-bit *nix.  When you consider the primary platform for 
    OSes like FreeBSD, OpenBSD, and Linux is 32-bit Intel, I think it's 
    a pretty safe bet.  
    
    So, a worm similar to Nimda that takes advantage of this 
    vulnerability probably won't have anywhere near the impact on 
    Apache since most vulnerable Apache installations won't be 
    susceptible to remote code execution. 
    
    Those running Apache on Windows and 64-bit *nix should be very 
    careful, however.  Everyone, regardless of their platform, should 
    upgrade to a fixed version or patch their existing version.
    
    Steve Bremer
    



    This archive was generated by hypermail 2b30 : Wed Jun 19 2002 - 10:32:37 PDT