Apache bug prompts update advice


IT security company Sense of Security has discovered a serious bug in Apache's HTTP web server, which could allow a remote attacker to gain complete control of a database.

Apache website (Screenshot by Colin Ho/ZDNet.com.au)

Discovered by the company's security consultant Brett Gervasoni, the vulnerability exists in Apache's core "mod_isapi" module. By exploiting the module, an attacker could remotely gain system privileges that would compromise data security.

Users of Apache 2.2.14 and earlier are advised to upgrade to Apache 2.2.15, which fixes the vulnerability.

According to Sense of Security spokesperson Jason Edelstein, Apache is one of the most popular pieces of web server software used today and the vulnerability was one of the most significant bugs in Apache for years.

"The vulnerability means that you can take complete control of the web server remotely with system privileges — which is the highest privilege on Windows," Edelstein told ZDNet.com.au. "An attacker could gain access to, modify and take away data."

Edelstein advised users running Apache on Windows platforms to upgrade immediately, as users have no way of knowing whether their web servers have been compromised. The company's security advisory can be accessed here.

"Whilst in the past it was more overt and attackers would deface website pages, they're more likely now to conceal their access to maintain their foothold," said Edelstein. As examples, he said attackers could exploit the vulnerability to plant hidden code that captures credit card details from online transactions, or to install rootkits on compromised websites.

"The latest version is not vulnerable," said Edelstein.

He added that an attacker would need a high degree of technical know-how to successfully exploit the vulnerability.

"You'd need to write a piece of code, a high level piece of code, which is quite difficult to create, and find a condition in the web server," said Edelstein.

"A proof of concept remote exploit has been written by Sense of Security, and it is feasible that others could write a similar exploit to completely compromise a Windows system," said Brett Gervasoni.

Talkback

Windows bug prompts Apache update advice

Shouldn't that be a bug in the underlying operating system, Microsoft Windows? And wouldn't this be a good time for an article on the defective memory management model on the Wintel PC?

Anonymous, March 9th, 2010

Er, no

It's a problem with Apache, hence the need to update Apache.

Any piece of software can potentially compromise any OS if it's not written correctly. By the sounds of it, this isn't exactly easy to exploit either.

You must be an Apple fanboi, because Linux fanbois normally know what they're talking about.

Anonymous, March 9th, 2010

Apache bug prompts update advice

mod_isapi is an Apache on Windows module. The story should be updated to state that Apache users running Windows should update. I would venture that most Apache installations are not running on Windows.

Anonymous, March 9th, 2010

very misleading

I was halfway through the article, getting ready to go update apache on a couple of servers, before you happened to mention that this only affects Windows...

Title change, please? Or at least in the first line?

Thanks.

Anonymous, March 9th, 2010

Why can't people read for themselves?!?!

To the poster who was "ready to go update apache" on the basis of a headline and an opening paragraph ... how did you become a sysadmin???
Do you normally start updating servers based on so little information? Funny stuff, honestly.

Anonymous, March 9th, 2010

Apache exploit

Great video and POC to go with this advisory. Makes it look all too simple.

Anonymous, March 9th, 2010

Media Hype

Apache running on Windows Server with "mod_isapi" enabled...

I doubt you would find many hosts running Apache on Windows to support ISAPI modules.

This issue might be worthy of a news story/SOS advertisement if the vulnerability was present in something that is actually used.

Anonymous, March 9th, 2010

yes media hype although

We run multiple Apache servers using mod_isapi for custom applications.

Anonymous, March 9th, 2010

hmm...

You obviously have no idea how Apache works on Windows. It is pretty common.

Anonymous, March 10th, 2010

Code available on Metasploit

The vulnerability is now available in Metasploit, so it's now very easy to exploit. Thanks SOS! ;-)

Anonymous, March 9th, 2010

Apache at fault? I think not.

From the mod_isapi home page: http://httpd.apache.org/docs/2.0/mod/mod_isapi.html

"ISAPI extension modules (.dll files) are written by third parties. The Apache Group does not author these modules, so we provide no support for them. Please contact the ISAPI's author directly if you are experiencing problems running their ISAPI extension. Please do not post such problems to Apache's lists or bug reporting pages."

Anonymous, March 12th, 2010

RE: Apache at fault? I think yes

It's not talking about ISAPI modules. It's talking about mod_isapi itself, a core module of Apache 2.

Anonymous, March 12th, 2010

Read the whole document.

You should read the whole document first next time!

Anonymous, March 12th, 2010