Apache Web Server Security Issues. CSIS 4490 – UNIX Administration and Security, Summer 2002. Dr. Ken Hoganson. By: Tracy C. Guthrie. July 16, 2002. Brief History of Apache Web Server. From the Apache HTTP Server Project page at http://httpd.apache.org/ABOUT_APACHE.html
Note: According to the site www.trusecure.com, chunked encoding is used to transfer pieces of data of unknown size between the web server and the web client. Apache miscalculates the buffer size it needs and allocates a buffer that is too small, which leads to buffer overflows that can cause a host of security issues.
http://www.apacheweek.com/issues/02-06-21#security, http://httpd.apache.org, http://httpd.apache.org/info/security_bulletin_20020620.txt, http://www.trusecure.com/knowledge/hypeorhot/2002/tsa02009.shtml
1. Creates a uuencoded worm file in the /tmp directory called .uua, which is decoded and executed as /tmp/.a; this step also deletes the original uuencoded .uua file.
2. After execution, the rogue program creates a backdoor at UDP port 2001 and scans the server to see if it is running Apache server software. If the answer is yes, the virus attempts to infect the server.
3. If the server is successfully infected, then the problems listed in the previous slide are possible, and the remote processes can be submitted at the same level or privilege class as the server itself.
4. The worm creates no known changes to the system configuration files and is not hidden in the process list.
http://lwn.net/Articles/2756/, http://www.zdnet.com/filters/printerfriendly/0,6061,2873254-10,00.html, http://www.vnunet.com/News/1133151, http://news.com.com/2102-1001-936924.html
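The four worm behaviours listed above translate directly into a host check. The script below is an added example, not part of the original slides; the function names and the sample netstat text are constructed for illustration, and it assumes `netstat`, `ps` and `awk` are available on the host.

```shell
#!/bin/sh
# Added example: host check for the worm indicators in steps 1-4 above.
# Function names and the sample data are constructed for illustration.

# Print each dropped file from step 1 that exists under ROOT (default /).
# ROOT allows checking a mounted disk image instead of the live system.
find_worm_files() {
    root=${1:-/}
    for f in tmp/.uua tmp/.a; do
        if [ -e "${root%/}/$f" ]; then echo "${root%/}/$f"; fi
    done
}

# Read `netstat -an` lines on stdin; print UDP sockets bound to port 2001
# (step 2). Accepts both Linux (addr:port) and BSD (addr.port) formats.
udp_2001_listeners() {
    awk '$1 ~ /^udp/ && $4 ~ /[.:]2001$/ { print $4 }'
}

# Read "PID ARGS" lines on stdin; print PIDs whose command is /tmp/.a.
# Step 4 says the worm does not hide itself, so plain ps output suffices.
procs_running_tmp_a() {
    awk '$2 == "/tmp/.a" { print $1 }'
}

# Live scan: returns 0 if clean, 1 (and prints findings) otherwise.
scan_host() {
    hits=$(find_worm_files /
           netstat -an 2>/dev/null | udp_2001_listeners
           ps -A -o pid= -o args= 2>/dev/null | procs_running_tmp_a)
    if [ -z "$hits" ]; then return 0; fi
    printf 'possible worm indicator: %s\n' $hits
    return 1
}

# Constructed netstat sample (BSD-style), not captured from a real host.
SAMPLE_NETSTAT='tcp4  0  0  *.80    *.*  LISTEN
udp4  0  0  *.2001  *.*
udp4  0  0  *.514   *.*'

# Run the live scan only when asked: sh check.sh --scan
if [ "${1:-}" = "--scan" ]; then scan_host; fi
```

Because step 1 says the .uua file is deleted after decoding, /tmp/.a and the UDP 2001 socket are the indicators most likely to remain on an infected host.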