Security Incidents mailing list archives
Re: Apache 1.3.26 seg faults & bus errors
From: Ryan Sweat <rsweat () attbi com>
Date: 25 Oct 2002 21:52:19 -0500
It would be helpful if you could paste part of the access log or other packet capture which signifies what data is being sent to apache causing this to happen. RedHat's apache is known to have issues with CodeRed attempts. The solution is to upgrade to Apache 2.x or 1.3.27. RedHat has not released any errata that fixes this bug, you must install from source, unless of course you have RedHat 8 which ships with Apache 2.x. There was a thread on this list just last week pertaining to this. http://online.securityfocus.com/archive/75/296184/2002-10-16/2002-10-22/1 Ryan On Fri, 2002-10-25 at 10:59, rsavage () nandomedia com wrote:
We upgraded to apache 1.3.26 from apache 1.3.24 during the time the `Apache Web Server Chunk Handling Vulnerability' was released, but still seeing these: [Fri Aug 23 08:30:35 2002] [notice] child pid 50775 exit signal Segmentation fault (11) [Fri Aug 23 08:49:31 2002] [notice] child pid 51990 exit signal Segmentation fault (11) [Fri Aug 23 09:31:56 2002] [notice] child pid 55712 exit signal Segmentation fault (11) [Fri Aug 23 10:32:20 2002] [notice] child pid 60289 exit signal Segmentation fault (11) [Fri Aug 23 10:45:33 2002] [notice] child pid 61593 exit signal Segmentation fault (11) [Fri Aug 23 10:55:37 2002] [notice] child pid 62832 exit signal Bus error (10) [Fri Aug 23 11:43:24 2002] [notice] child pid 65789 exit signal Bus error (10) [Fri Aug 23 12:14:07 2002] [notice] child pid 69531 exit signal Segmentation fault (11) [Fri Aug 23 13:04:01 2002] [notice] child pid 73722 exit signal Segmentation fault (11) dmesg.yesterday:pid 32987 (httpd), uid 65534: exited on signal 10 dmesg.yesterday:Oct 22 14:07:09 robin /kernel: pid 32987 (httpd), uid 65534: exited on signal 10 messages:Oct 22 14:07:09 robin /kernel: pid 32987 (httpd), uid 65534: exited on signal 10 Server version: Apache/1.3.26 (Unix) Server built: Jun 20 2002 10:14:35 Compiled-in modules: http_core.c mod_env.c mod_log_config.c mod_mime.c mod_negotiation.c mod_status.c mod_include.c mod_autoindex.c mod_dir.c mod_cgi.c mod_asis.c mod_imap.c mod_actions.c mod_userdir.c mod_alias.c mod_rewrite.c mod_access.c mod_auth.c mod_proxy.c mod_usertrack.c mod_unique_id.c mod_setenvif.c mod_perl.c suexec: disabled; invalid wrapper /etc/httpd/bin/suexec Is there something else out there, another DoS attack? -- Rory Savage, Senior Systems Administrator Nando Media: www.nandomedia.com email: rsavage () nandomedia com aol im (PiasElihU) 919-836-5987 (Office) ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Apache 1.3.26 seg faults & bus errors rsavage (Oct 25)
- Re: Apache 1.3.26 seg faults & bus errors Ryan Sweat (Oct 26)
- RE: Apache 1.3.26 seg faults & bus errors Rory Savage (Oct 26)
- Re: Apache 1.3.26 seg faults & bus errors Cy Schubert - CITS Open Systems Group (Oct 30)
- RE: Apache 1.3.26 seg faults & bus errors Rory Savage (Oct 26)
- Re: Apache 1.3.26 seg faults & bus errors Ryan Sweat (Oct 26)