Re: New worm segfaults apache

[Chip McClure <vhm3 () hades dnsalias net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Which version of apache, and what OS are you running?

Running Apache 2.0.16, FreeBSD 4.3 - never had a segfault - and a ton of
probes against it.

- ----
Chip McClure
Sr Unix Administrator
GigGuardian, Inc.

http://www.gigguardian.com/
- ----

On Tue, 18 Sep 2001, bugtraq wrote:

> Hello,
>
>
> Over 15 times my apache has segfaulted whenever I get scanned by this worm.
>
> Sep 18 13:30:15 cgisecurity /kernel: pid 35290 (httpd), uid 1003: exited on signal 11
> Sep 18 13:38:03 cgisecurity /kernel: pid 35390 (httpd), uid 1003: exited on signal 11
> Sep 18 14:06:00 cgisecurity /kernel: pid 35391 (httpd), uid 1003: exited on signal 11
> Sep 18 14:20:51 cgisecurity /kernel: pid 35453 (httpd), uid 1003: exited on signal 11
> Sep 18 15:27:22 cgisecurity /kernel: pid 35740 (httpd), uid 1003: exited on signal 11
> ^C
>
> Any idea why apache is segfaulting? I have 250 megs of free ram without proccess limits and
> it segfaults. Also I tried every string and have been unable to replicate it manually.
>
> - admin () cgisecurity com
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
Comment: Made with pgp4pine 1.76

iQA/AwUBO6fAm4xq/3tb9j7EEQLsTgCg4+kUpMA7ahooaUjEN0a54/4+moMAnjLg
BCMdUGBiTsZO1naN1xrc4Pjc
=i0xv
-----END PGP SIGNATURE-----



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com