Thread: security alert

  1. #1
    Join Date
    Aug 2008
    Location
    Victoria, BC Canada
    Beans
    1,578
    Distro
    Ubuntu 13.04 Raring Ringtail

    security alert

    SERVER: ATX chassis, 460W, M4A77D, Athlon64 X2 4200+ 65W, 8 GB DDR2, Server 2012 R2 + Hyper-V 4.0

  2. #2
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: security alert

    Good thing I use Nginx.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  3. #3
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    8,079
    Distro
    Kubuntu Development Release

    Re: security alert

    According to the article, the exploit requires that the Apache daemon be replaced with a corrupted version. Just how does it do that? Last I checked every version of Apache I have running came from CentOS or Ubuntu. Unless their repositories are corrupted how does this exploit take place? The ZDNet article was sadly lacking in important details like that.

    Also they claim it is running on "hundreds" of servers, not a very large fraction when Apache is hosting well over 300 million domain names.

    Charles, the article observes that nginx is the hot up-and-coming contender; it's now hosting 12% or so of web domain names.
    If you ask for help, please have the courtesy to check for responses and thank the people who helped you.

    Blog · Linode System Administration Guides · Android Apps for Ubuntu Users

  4. #4
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: security alert

    Quote, originally posted by SeijiSensei:

        According to the article, the exploit requires that the Apache daemon be replaced with a corrupted version. Just how does it do that? Last I checked every version of Apache I have running came from CentOS or Ubuntu. Unless their repositories are corrupted how does this exploit take place? The ZDNet article was sadly lacking in important details like that.

        Also they claim it is running on "hundreds" of servers, not a very large fraction when Apache is hosting well over 300 million domain names.

        Charles, the article observes that nginx is the hot up-and-coming contender; it's now hosting 12% or so of web domain names.

    Heh, yeah, Nginx is getting up there too.

    I am in the same boat with the machines I run Apache on - Debian and Ubuntu, but I'm running Nginx on my VPS, cuz it's a tiny one.

    The only way I can think that the Apache executable could be replaced like that is if the server already got owned and someone has root access to do whatever they want with it.

    With that being said, I'm sure there are people who compile Apache manually, but I don't really know how widespread that is and if you are going to be compiling anything, wouldn't you get the package from the official site?

    Overall the article smells like FUD to me, especially since they don't really go into detail about how this exploit is supposed to work.
    Last edited by CharlesA; May 2nd, 2013 at 04:51 PM.
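
One way to test the concern raised in posts #3 and #4, that a packaged Apache binary was replaced after installation, is to compare installed files with the checksums the package shipped, which is the comparison `dpkg --verify` and `rpm -V` perform. This is an added example, not part of any post; the file tree and contents are constructed, and the result is only trustworthy when the manifest comes from a known-good copy of the package, because an attacker with root can rewrite local checksum files as well.

```python
import hashlib
import os
import tempfile

def parse_md5sums(text):
    """Parse dpkg-style lines: '<md5 hex>  <path relative to />'."""
    manifest = {}
    for line in text.splitlines():
        if line.strip():
            digest, path = line.split(None, 1)
            manifest[path.strip()] = digest.lower()
    return manifest

def md5_file(path):
    h = hashlib.md5()  # dpkg's md5sums files record MD5 digests
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify(root, manifest):
    """Return {path: 'ok' | 'MODIFIED' | 'MISSING'} for each manifest entry under root."""
    report = {}
    for rel, expected in manifest.items():
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            report[rel] = "MISSING"
        elif md5_file(full) != expected:
            report[rel] = "MODIFIED"
        else:
            report[rel] = "ok"
    return report

def demo():
    # Constructed tree standing in for an installed package; contents are dummy bytes.
    files = {"usr/sbin/apache2": b"packaged daemon", "usr/sbin/apachectl": b"#!/bin/sh\n"}
    with tempfile.TemporaryDirectory() as root:
        lines = []
        for rel, data in files.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
            lines.append(f"{hashlib.md5(data).hexdigest()}  {rel}")
        manifest = parse_md5sums("\n".join(lines))
        before = verify(root, manifest)
        with open(os.path.join(root, "usr/sbin/apache2"), "wb") as fh:
            fh.write(b"something else")  # simulate the binary changing after install
        return before, verify(root, manifest)
```
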

  5. #5
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    8,079
    Distro
    Kubuntu Development Release

    Re: security alert

    I've compiled Apache from source a few times in my career, but not any time recently. I've compiled PHP as well. Now I let the distribution maintainers handle all that. I no longer find myself bumping up against limitations that are only fixed in more recent releases. I have built from the original source, and from source RPMs as well. (Sometimes I want to enable or, more often as in the case of Kerberos, disable a setting passed to autoconf.)

    I notice that Netcraft reports most people are still using Apache 2.2 when 2.4 is available. I'm sure the fact that RedHat is still distributing 2.2 with backported patches has a lot to do with that. I updated my CentOS 6.2 version of Apache just today; it's still at 2.2.15.
    Last edited by SeijiSensei; May 2nd, 2013 at 05:00 PM.

  6. #6
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: security alert

    I've never compiled Apache from source but I haven't run into things where I would need to.

    I just checked my 12.04 box and it's running Apache 2.2.22 with PHP 5.3.10. I figure security patches and the like are backported on Ubuntu the same way they are on RH, but I am not 100% sure about it.

    That is also why it's a bad idea to rely on security scanners that only check version numbers.
