Apache releases version 2.2.15 with 5 security fixes including OpenSSL issue.(情報元のブックマーク数)
Apache-2.2.15がリリースされたみたい。なんかOpenSSLなセキュリティ修正を含んだ5件のセキュリティな修正があるそうです。
Apache releases version 2.2.15 with 5 security fixes including OpenSSL issue.
InfoSec Handlers Diary Blog - Apache releases version 2.2.15 with 5 security fixes including OpenSSL issue.
これかな?Exploitが出てるみたい・・・
/* -Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit (CVE-2010-0425) ------------------------------------------------------------------------------- * -Advisory: http://www.senseofsecurity.com.au/advisories/SOS-10-002 - -Description: -pwn-isapi.cpp exploits a dangling pointer vulnerabilty in Apache 2.2.14 mod_isapi. -Due to the nature of the vulnerability, and exploitation method, DEP should be limited to essential -Windows programs and services. At worst, if DEP is enabled for the Apache process, you could cause -a constant DoS by looping this (since apache will automatically restart) :) * -Note that the exploit code may need to be run multiple times before a shell is spawned (70% -success rate - tested on three different systems). Furthermore, the exploit code may require -modification to exploit this vulnerability on different platforms. This is due to loaded memory -references to the unloaded DLL (they will be different for each ISAPI module). Do not test -this code in a VM otherwise the code may fail to send the RESET packet (something to do with -VMware gracefully closing the connection, instead of sending a RESET packet) - I didnt want -to have to use raw packets on Windows. * -Shellcode Note: -The shellcode writes "pwn-isapi" to "sos.txt" which is created in the current working directory. -Most operating systems should be supported by this shellcode. I've used Skylined's method of finding -the base address of kernel32.dll for Windows 7 and modified it so that it will find the base -address of msvcrt.dll instead. I've also added another check so that it will be able to detect -"msvcrt.dll" on Windows Server 2003 (this OS loads msvcrt.dll in 5th position, and before this -DLL string is read, another DLL (RPCRT4.dll) length is verifiied which matches the length of -msvcrt.dll. So the added check will verify the presents of "m" before proceeding. * -Author: -Brett Gervasoni (brettg [at] senseofsecurity.com.au) * -Copyright Sense of Security Pty Ltd 2010. -http://www.senseofsecurity.com.au */
