*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Marc Deslauriers 
(mdeslaur):

There is an Apache zero-day out there; I have been trying to report it for
some time. It may affect upstream Debian code also. NASA got hit, DreamHost
got hit, potentially others also.

What happens is the attacker gains root or escalation privileges
somehow and gets to muck up the htaccess file. As a result the server
refuses to load the config and throws 500 in people's faces instead.

Note that I used Geany and Leafpad when editing. There is no way to drop
sequences of line numbers into this file by blind accident.

This however did occur.
It is possible also to override file permissions, i.e. access permissions, in ways
to break WordPress setups. There is no easy fix for this once it occurs and
it is very upsetting to WP users. As a result I have dropped it.

I'm not sure what causes the zero-day. Grsec patches are used but dated
and will not build for recent kernels, rather break them.

** Affects: apache2 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
apache root 0day
https://bugs.launchpad.net/bugs/1581048
You received this bug notification because you are a member of Ubuntu Bugs, 
which is subscribed to the bug report.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
