If I die, I forgive you: if I recover, we shall see - Spanish proverb
Yesterday, some postings revealed that the fix issued by Apache, here, following an earlier flawed attempt to plug the hole posted on the Security Focus Bugtraq bulletin board, was itself flawed. And last night a group of hackers publicly released tools that exploit the weakness in the servers.
The hacker group, known as Gobbles Security, posted its program on BugTraq here, claiming it had released the software to demonstrate it was still possible to exploit the flaw exposed on the site on Monday and subsequently "fixed" by Apache. The program attacks Apache Web servers running OpenBSD, and is "very ./friendly."
"All scriptkids/penetration testers should be able to run it without any trouble. My God have mercy on our souls," said the mischievous group's posting.
Apache is used on about 60% of Web servers, and though system admins are recommended to upgrade their systems with the patches available from Apache.org, the fear is that other hackers will have been beavering away to make tools to exploit the flaws on other operating systems.
"Though we previously reported that 32-bit platforms were not remotely exploitable, it has since been proven by Gobbles that certain conditions allowing exploitation do exist," says a statement on www.apache.org.
"Successful exploitation of this vulnerability can lead to the execution of arbitrary code on the server with the permissions of the web server child process. This can facilitate the further exploitation of vulnerabilities unrelated to Apache on the local system, potentially allowing the intruder root access," says the Apache Foundation.
"Note that early patches for this issue released by ISS and others do not address its full scope."
"The risk is considered high," says the embattled foundation. It has released versions 1.3.26 and 2.0.39 that address and fix this issue, and "all users are urged to upgrade immediately," it says.