Red Hat releases Linux patches

Red Hat has released a range of patches for versions 7.1, 7.2 and 7.3 of its Linux distribution, which previously allowed a local user to launch denial-of-service attacks.

The real issue lies with the Apache Web server. It was discovered that if someone gained access to the main configuration and access-restriction files used with Apache, they could set up a denial-of-service attack. They could also gain increased system privileges, raising the possibility of other hacks.

All users of Apache have been advised to upgrade, at the same time shutting down other holes. The flaw affects all versions before 1.3.29. The actual vulnerability, CAN-2003-0542, is eloquently described as "Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures".
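The "more than 9 captures" condition in the CAN-2003-0542 description can be checked from the defender's side by auditing configuration and access-restriction files. The following is an added example, not code from the article, Red Hat or the Apache project; the directive table, the parenthesis-counting heuristic for POSIX extended regexes and the sample configuration are assumptions constructed for illustration.

```python
import re

# mod_alias / mod_rewrite directives that take a regex -> index of the regex argument.
REGEX_ARG = {"aliasmatch": 0, "scriptaliasmatch": 0, "redirectmatch": 0,
             "rewriterule": 0, "rewritecond": 1}
REDIRECT_STATUS = {"permanent", "temp", "seeother", "gone"}
MAX_CAPTURES = 9  # CAN-2003-0542: "more than 9 captures"
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|\S+')        # quoted or bare argument
# Escaped characters and bracket expressions never open a capture group.
NON_GROUP = re.compile(r'\\.|\[\^?\]?[^\]]*\]')

def count_captures(pattern):
    """Count capture groups: every remaining '(' (POSIX ERE has no (?:...))."""
    return NON_GROUP.sub("", pattern).count("(")

def audit(config_text):
    """Return (line number, directive, capture count) for each over-limit regex."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        tokens = TOKEN.findall(line)
        if not tokens or tokens[0].startswith("#"):
            continue
        name, args = tokens[0].lower(), [t.strip('"') for t in tokens[1:]]
        if name not in REGEX_ARG:
            continue
        idx = REGEX_ARG[name]
        # RedirectMatch accepts an optional status keyword or code before the regex.
        if name == "redirectmatch" and args and (
                args[0].lower() in REDIRECT_STATUS or args[0].isdigit()):
            idx = 1
        if idx < len(args):
            n = count_captures(args[idx])
            if n > MAX_CAPTURES:
                findings.append((lineno, tokens[0], n))
    return findings

# Constructed sample configuration (not taken from any real server).
SAMPLE = r'''
RewriteEngine On
RewriteRule ^/(a)(b)(c)(d)(e)(f)(g)(h)(i)(j)$ /x [L]
RewriteRule ^/docs/([a-z]+)/([0-9]+)$ /view.php?s=$1&id=$2
AliasMatch ^/img/[(]x[)]/(.*)$ /var/www/img/$1
RedirectMatch permanent ^/(1)(2)(3)(4)(5)(6)(7)(8)(9)(10)(11)$ http://example.com/
RewriteCond %{HTTP_HOST} ^(a)\((b)$
'''
print(audit(SAMPLE))
```

A hit only marks a pattern that exceeds the limit named in the advisory; upgrading to Apache 1.3.29 or later remains the fix.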

Yesterday, 13 NASA websites were defaced using Apache and Linux exploits. A Brazilian hacker group apparently used a PHP script to get to the local level of Linux through Apache and then used a known hole in the Linux kernel to gain admin rights.

Kieren McCarthy writes for Techworld.com

