Red Hat releases Linux patches



Red Hat has released a range of patches for versions 7.1, 7.2 and 7.3 of its Linux distribution, fixing flaws that allowed a local user to launch denial-of-service attacks.

The real issue lies with the Apache Web server. It was discovered that anyone who gained access to the main configuration and access-restriction files used with Apache could set up a denial-of-service attack. They could also gain increased system privileges, which makes further attacks more likely.

All users of Apache have been advised to upgrade, which also closes other holes. The flaw affects all versions before 1.3.29. The actual vulnerability, CAN-2003-0542, is eloquently described as "Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures".
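As an added illustration (not code from the article, Red Hat or the Apache project), this Python check flags the condition the advisory names: mod_alias or mod_rewrite patterns with more than 9 captures in the text of a configuration or access-restriction file. The directive list, the POSIX extended regex syntax and the sample configuration are assumptions made for the example.

```python
import re

# Regex-taking directives of mod_alias and mod_rewrite (list assumed here).
REGEX_DIRECTIVES = {"aliasmatch", "scriptaliasmatch", "redirectmatch",
                    "rewriterule", "rewritecond"}
REDIRECT_STATUS = {"permanent", "temp", "seeother", "gone"}
MAX_CAPTURES = 9  # limit named in the CAN-2003-0542 description
TOKEN = re.compile(r'"(?:[^"\\]|\\.)*"|\S+')  # quoted or bare argument

def count_captures(pattern):
    """Count unescaped '(' outside brackets (POSIX ERE: all groups capture)."""
    count, i, in_bracket = 0, 0, False
    while i < len(pattern):
        ch = pattern[i]
        if in_bracket:
            in_bracket = ch != "]"
        elif ch == "\\":
            i += 1  # skip the escaped character
        elif ch == "[":
            in_bracket = True  # leading '^' and a first ']' are literal
            i += len(re.match(r"\^?\]?", pattern[i + 1:]).group())
        elif ch == "(":
            count += 1
        i += 1
    return count

def audit(config_text):
    """Return (line_no, directive, captures) for patterns over the limit."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), 1):
        args = [t.strip('"') for t in TOKEN.findall(line)]
        if not args or args[0].lower() not in REGEX_DIRECTIVES:
            continue
        name, rest = args[0].lower(), args[1:]
        if name == "rewritecond":
            rest = rest[1:]  # first argument is the test string
        elif name == "redirectmatch" and rest and (
                rest[0].lower() in REDIRECT_STATUS or rest[0].isdigit()):
            rest = rest[1:]  # optional status precedes the regex
        if rest and count_captures(rest[0]) > MAX_CAPTURES:
            findings.append((line_no, args[0], count_captures(rest[0])))
    return findings

# Constructed sample configuration, not taken from any real server.
SAMPLE = r"""RewriteRule ^/(a)(b)(c)(d)(e)(f)(g)(h)(i)(j)$ /x [L]
RewriteRule ^/user/([^/()]+)/(.*)$ /u.php?n=$1&p=$2
RedirectMatch permanent ^/(1)(2)(3)(4)(5)(6)(7)(8)(9)(10)(11)$ http://example.com/
AliasMatch ^/icons/\((.*)\)$ /usr/share/icons/$1
"""
```

Calling `audit(SAMPLE)` reports the first and third lines; a finding on a server still running a version before 1.3.29 marks a file worth reviewing alongside the upgrade.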

Yesterday, 13 NASA websites were defaced using Apache and Linux exploits. A Brazilian hacker group apparently used a PHP script to get to the local level of Linux through Apache and then used a known hole in the Linux kernel to gain admin rights.

Kieren McCarthy writes for
