Security

Serious flaw discovered in Apache

By Iain Thomson
Mar 10, 2010 12:48 AM
Tags: apache | flaw | isapi | memory | serious | software

IT admins warned to upgrade immediately.

Security researchers have warned of a serious flaw in the Apache web server software that could allow hackers to gain system privileges.

The flaw is found in Apache 2.2.14 and earlier versions where the software is being run on Windows systems, but the latest version 2.2.15 fixes the exploit. Users are advised to upgrade immediately.

"By sending a specially crafted request followed by a reset packet it is possible to trigger a vulnerability in Apache mod_isapi that will unload the target ISAPI module from memory," said the advisory from Sense of Security.

"However, function pointers still remain in memory and are called when published ISAPI functions are referenced. This results in a dangling pointer vulnerability."

Proof-of-concept code for the attack has already been produced, in which a sos.txt file is sent to the system and is available for download.

Copyright ©v3.co.uk

  • Email a Friend
  • Print Page
Serious flaw discovered in Apache
3 comments in this discussion
"Grr .. I had to pay for a remote reboot when I accidentally halted one of our servers one day - the remote reboot mechanism apparently doesn't work in that case :-/ I'll never live that one down. ..."
By Sams
 
Related Articles
Breaking Stories
 
Comments: 3
Thoughts on this article? Add a comment below.
Sams
Mar 10, 2010 8:53 AM
 Luckily we don't run Windows servers ... oh wait .. it isn't luck.
Res
Mar 10, 2010 10:05 AM
 LOL @ Sams, I agree. However windows servers are good for colo business, nice remote hands income for all the reboot *chuckles*
Sams
Mar 10, 2010 12:26 PM
 Grr .. I had to pay for a remote reboot when I accidentally halted one of our servers one day - the remote reboot mechanism apparently doesn't work in that case :-/ I'll never live that one down. It's been a long time since I've had to reboot due to anything other than kernel upgrades. It is not uncommon to see 100+ days between reboots on our servers.
Comment:
Want to participate in the discussion?
Or log in now to comment
 
 
 
Top Stories
Oracle shuts down open source test servers
Oracle shuts down open source test servers
Playing nice with the open source community, Larry?
 
Google hosts election debate
Google hosts election debate
Lundy, Fletcher and Ludlam face off on tech policies.
 
Telstra fined $18.5m for exchange access
Telstra fined $18.5m for exchange access
Kept competitive DSLAM kit out.
 

Latest VideosSee all videos »

Latest Comments
"Now Julia, if only you would promise not to filter the internet in your next term of government ..."
by hsvandrew Jul 31, 2010 9:33 AM
 
"@Nate - my fears are that if we use a national consortium as an interface to international ..."
by heavenlyhaloes Jul 31, 2010 12:41 AM
 
"Did anybody notice that on Apple's website the iPhone is missing the AT&T logo on the top bar? ..."
by brownenicola Jul 30, 2010 10:18 PM
 
"@digger11 - when will you learn just to remain quiet when you don't have all the facts or a ..."
by Bazwalt Jul 30, 2010 7:13 PM
 
"Wakie is right, Digger11 is either an exceptional forum troll or a massive moron. For those who ..."
by Bazwalt Jul 30, 2010 6:51 PM
Polls
Did Google breach the Telecommunications Interception or Privacy Acts during its WiFi wardrive?
   |   View results
Yes. There is no excuse for collecting this data.
  28%
 
No. If your wireless network is unsecured, you have no right to complain
  72%
TOTAL VOTES: 1873

Vote
view previous polls »