*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Marc Deslauriers (mdeslaur):

There is an Apache zero day out there; I have been trying to report it for some time. It may affect upstream Debian code also.

NASA got hit, Dreamhost got hit, potentially others also.

What happens is the attacker gains root or escalation privileges somehow and gets to muck up the htaccess file. As a result the server refuses to load the config and throws 500 in people's faces instead.

Note that I used geany and leafpad when editing. There is no way to drop sequences of line numbers into this file by blind accident. This however did occur.

It is possible also to override file permissions, i.e. access permissions, in ways to break WordPress setups. There is no easy fix for this once it occurs, and it is very upsetting to WP users. As a result I have dropped it.

I'm not sure what causes the zero-day. grsec patches are used but dated and will not build for recent kernels, rather break them.

** Affects: apache2 (Ubuntu)
     Importance: Undecided
         Status: New

--
apache root 0day
https://bugs.launchpad.net/bugs/1581048
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report.

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs