IT admins warned to upgrade immediately
V3.co.uk, 09 Mar 2010
Security researchers have warned of a serious flaw in the Apache web server software that could allow hackers to gain system privileges.
The flaw is found in Apache 2.2.14 and earlier versions where the software is being run on Windows systems, but the latest version 2.2.15 fixes the exploit. Users are advised to upgrade immediately.
"By sending a specially crafted request followed by a reset packet it is possible to trigger a vulnerability in Apache mod_isapi that will unload the target ISAPI module from memory," said the advisory from Sense of Security.
"However, function pointers still remain in memory and are called when published ISAPI functions are referenced. This results in a dangling pointer vulnerability."
Proof-of-concept code for the attack has already been produced, in which a sos.txt file is sent to the system and is available for download.
Veracode stats reveal around three-quarters of software does not meet an acceptable level of security
Vulnerability in FTP service in IIS versions 5.0, 5.1 and 6.0
Top web server provider suffers breach of systems
U-turn from Redmond pleases open source community
Best
practices to secure and protect backup data
Exploding the myths about data security and backup encryption
Using
data integration to drive down costs and increase profits
This paper outlines why data integration is an important weapon in an
enterprise’s competitive arsenal
Keep up to date with the latest products, services and technologies from the world's leading IT companies; IThound.com brings you thousands of white papers, case studies and analyst reports.
Rapid Predictive Modeler designed to aid enterprise decision making
Huawei's Ideos smartphone, announced today , is claimed by the...
Do you agree?
Have your say on this article