SQR Consulting Home Page

For all your Quality Management and Continual Improvement Initiatives and Standards
 
 SQR Consulting Home PageSQR Home Page  ForumsForums  FAQFAQ   Search ForumSearch Forum   Forum MemberlistForum Memberlist   Forum UsergroupsForum Usergroups  Who is logged onWho is logged on   Register for ForumRegister for Forum 
 Forum ProfileForum Profile   Log in to check your private messagesLog in to check your private messages  Chat RoomChat Room    Log in to ForumLog in to Forum 

Serious flaw discovered in Apache

 
Post new topic   Reply to topic   printer-friendly view    strategic-quality-resources.com Forum Index -> Information Security Management Systems (ISMS)
View previous topic :: View next topic  
Author Message
GaryW
Site Admin


Joined: 14 Oct 2005
Posts: 83186
Location: Adelaide, Australia
as.gif
PostPosted: Wed Mar 10, 2010 7:49 am    Post subject: Serious flaw discovered in Apache Reply with quote
Iain Thomson in San Francisco, V3.co.uk, Tuesday 9 March 2010 at 02:54:00
IT admins warned to upgrade immediately
Security researchers have warned of a serious flaw in the Apache web server
software that could allow hackers to gain system privileges.
The flaw is found in Apache 2.2.14 and earlier versions where the software is
being run on Windows systems, but the latest version 2.2.15 fixes the exploit.
Users are advised to upgrade immediately.
\"By sending a specially crafted request followed by a reset packet it is
possible to trigger a vulnerability in Apache mod_isapi that will unload the
target ISAPI module from memory,\" said the
advisory
from Sense of Security.
\"However, function pointers still remain in memory and are called when
published ISAPI functions are referenced. This results in a dangling pointer
vulnerability.\"
Proof-of-concept code for the attack has already been produced, in which a
sos.txt file is sent to the system and is available for download.


Read more...

Source: The most recent articles from vnunet.com
The most recent articles from vnunet.com (Generated on Tuesday 9 March 2010 at 22:17:23)
_________________
Regards,

Gary Wilkinson
Founder & Principal Consultant
SQR Consulting
Back to top
GaryW is offline View user's profile Send private message Send e-mail Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic   printer-friendly view    strategic-quality-resources.com Forum Index -> Information Security Management Systems (ISMS) All times are GMT + 9.5 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum

© 2005 SQR Consulting - All rights reserved
ABN : 60512166070



Powered by phpBB © 2001, 2005 phpBB Group