Information Security News mailing list archives

Kremlin Site Vulnerable to Attack


From: InfoSec News <isn () c4i org>
Date: Mon, 24 Jun 2002 04:37:58 -0500 (CDT)

http://www.wired.com/news/technology/0,1282,53412,00.html

By Brian McWilliams
11:28 a.m. June 21, 2002 PDT

Potentially millions of websites -- including the new, reportedly
invincible home page of Russian President Vladimir Putin -- may become
easy prey for hackers if their administrators don't promptly upgrade
their software.

The new Kremlin site, launched Thursday, underwent three months of
testing to ensure it is "almost hacker-proof," according to a Reuters
story published Friday. The report said almost 100 hackers attempted
to break into Putin's site in its first 24 hours of operation.

But independent tests of the Russian president's website revealed
Friday that it was running an outdated version of the popular Apache
Web server that could be vulnerable to a recently discovered security
bug.

Data provided by research firm Netcraft showed that Putin's site was
using the Red Hat Linux operating system with Apache version 1.3.20.
Netcraft's data was corroborated by a security scanner from eEye
Digital Security, which examines a Web server's "banner" to determine
if it is vulnerable to the Apache flaw, according to chief hacking
officer Marc Maiffret.

On Monday, the U.S. government-funded Computer Emergency Response Team
warned that a security flaw in Apache versions 1.2.2 through 1.3.24
could allow remote attackers to execute malicious programs on
vulnerable servers. The Apache Software Foundation has advised
administrators to upgrade immediately to the latest version of the Web
server software that is not prone to the "chunked-encoding" bug.
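As an added illustration (not part of the Wired story, and not Netcraft's or eEye's tooling), here is a banner check of the kind the article describes, written in Python: it parses an HTTP Server header, compares the advertised version against the 1.2.2 through 1.3.24 range CERT cited, and treats hidden, non-Apache or non-1.x banners as inconclusive rather than safe. The sample banners are constructed, not observed.

```python
import re
from typing import Dict, List, Optional, Tuple

# Affected range as stated in the CERT warning quoted above (Apache 1.x only).
VULN_LOW = (1, 2, 2)
VULN_HIGH = (1, 3, 24)

# Matches "Apache/1.3.20" anywhere in a Server header value.
BANNER_RE = re.compile(r"Apache/(\d+)\.(\d+)\.(\d+)")


def parse_apache_version(server_header: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) from a Server header, or None when the
    banner discloses no Apache version (e.g. bare "Apache" or another server)."""
    m = BANNER_RE.search(server_header)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def classify(server_header: str) -> str:
    """Classify one banner: 'affected', 'not-affected', 'unchecked' (a version
    outside the 1.x range this check covers) or 'unknown' (no version exposed)."""
    version = parse_apache_version(server_header)
    if version is None:
        return "unknown"        # hidden banner or non-Apache: verify on the host
    if version[0] != 1:
        return "unchecked"      # 2.x lines are not covered by the range above
    if VULN_LOW <= version <= VULN_HIGH:
        return "affected"
    return "not-affected"


def scan_inventory(banners: List[str]) -> Dict[str, List[str]]:
    """Group a list of collected Server headers by classification."""
    report: Dict[str, List[str]] = {}
    for banner in banners:
        report.setdefault(classify(banner), []).append(banner)
    return report


# Constructed sample banners for a stand-alone run (not real observations).
SAMPLE_BANNERS = [
    "Apache/1.3.20 (Unix)  (Red-Hat/Linux)",
    "Apache/1.3.26 (Unix)",
    "Apache/2.0.39 (Unix)",
    "Apache",
    "Microsoft-IIS/5.0",
]

if __name__ == "__main__":
    for category, hosts in scan_inventory(SAMPLE_BANNERS).items():
        print(f"{category}: {hosts}")
```

A banner match is a lead for the inventory, not proof: distributions can backport fixes without changing the version string, and ServerTokens can hide it, so confirm against the installed package on the host.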

In use on more than 10 million active websites, Apache is the most
popular Web server used on the Internet, with over 60 percent market
share, according to Netcraft. The program runs on several Unix-based
operating systems as well as on Microsoft's Windows.

The security of some Apache sites was especially threatened Wednesday
when a research group called Gobbles Security released a tool designed
to allow attackers to take control of unpatched Apache installations
running on the OpenBSD operating system.

A Gobbles representative told Wired News Friday that the group intends
to publish a new version of the program that additionally exploits the
Apache flaw on unpatched FreeBSD and NetBSD machines "with a 100
percent success rate." Gobbles said it also has developed, but not
publicly released, exploits for the Sun Solaris and Linux operating
systems.

Officials at Ayaxi, the Moscow firm that developed Putin's site, were
not immediately available.

According to Netcraft, more than a dozen websites operated by the
Russian Federation were also running unpatched versions of Apache.
Representatives of the Russian Government Internet Network did not
immediately respond to requests for information.

Following the release of Gobbles' "Apache-Scalp" program,
SecurityFocus.com raised its "ThreatCon Rating" to Level 3, the first
time the security information firm has issued such a warning since the
Nimda worm hit the Internet last September.
