Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Apache 1.3.26 seg faults & bus errors

From: Ryan Sweat <rsweat () attbi com>
Date: 25 Oct 2002 21:52:19 -0500
It would be helpful if you could paste part of the access log or other
packet capture which signifies what data is being sent to apache causing
this to happen.

RedHat's apache is known to have issues with CodeRed attempts.  The
solution is to upgrade to Apache 2.x or 1.3.27.  RedHat has not released
any errata that fixes this bug, you must install from source, unless of
course you have RedHat 8 which ships with Apache 2.x.

There was a thread on this list just last week pertaining to this.
http://online.securityfocus.com/archive/75/296184/2002-10-16/2002-10-22/1

Ryan

On Fri, 2002-10-25 at 10:59, rsavage () nandomedia com wrote:

We upgraded to apache 1.3.26 from apache 1.3.24 during the time the
`Apache Web Server Chunk Handling Vulnerability' was released, but
still seeing these:


[Fri Aug 23 08:30:35 2002] [notice] child pid 50775 exit signal
Segmentation fault (11)
[Fri Aug 23 08:49:31 2002] [notice] child pid 51990 exit signal
Segmentation fault (11)
[Fri Aug 23 09:31:56 2002] [notice] child pid 55712 exit signal
Segmentation fault (11)
[Fri Aug 23 10:32:20 2002] [notice] child pid 60289 exit signal
Segmentation fault (11)
[Fri Aug 23 10:45:33 2002] [notice] child pid 61593 exit signal
Segmentation fault (11)
[Fri Aug 23 10:55:37 2002] [notice] child pid 62832 exit signal Bus error
(10)
[Fri Aug 23 11:43:24 2002] [notice] child pid 65789 exit signal Bus error
(10)
[Fri Aug 23 12:14:07 2002] [notice] child pid 69531 exit signal
Segmentation fault (11)
[Fri Aug 23 13:04:01 2002] [notice] child pid 73722 exit signal
Segmentation fault (11)

dmesg.yesterday:pid 32987 (httpd), uid 65534: exited on signal 10
dmesg.yesterday:Oct 22 14:07:09 robin /kernel: pid 32987 (httpd), uid
65534: exited on signal 10
messages:Oct 22 14:07:09 robin /kernel: pid 32987 (httpd), uid 65534:
exited on signal 10

Server version: Apache/1.3.26 (Unix)
Server built:   Jun 20 2002 10:14:35

Compiled-in modules:
  http_core.c
  mod_env.c
  mod_log_config.c
  mod_mime.c
  mod_negotiation.c
  mod_status.c
  mod_include.c
  mod_autoindex.c
  mod_dir.c
  mod_cgi.c
  mod_asis.c
  mod_imap.c
  mod_actions.c
  mod_userdir.c
  mod_alias.c
  mod_rewrite.c
  mod_access.c
  mod_auth.c
  mod_proxy.c
  mod_usertrack.c
  mod_unique_id.c
  mod_setenvif.c
  mod_perl.c
suexec: disabled; invalid wrapper /etc/httpd/bin/suexec


Is there something else out there, another DoS attack?

-- 
Rory Savage, Senior Systems Administrator
Nando Media: www.nandomedia.com
email: rsavage () nandomedia com
aol im (PiasElihU)
919-836-5987 (Office)




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com





----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: