httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Roest <ht...@blahz.ab.ca>
Subject 1.3.26 Exploit? or something I'm overlooking
Date Mon, 24 Jun 2002 00:57:39 GMT
Hello,
    I have recently upgraded to 1.3.26 to fix the reported security hole 
in 1.3.24.  The weirdest thing is that I am still getting error 
message's like the following in my error_log

[Sun Jun 23 18:05:57 2002] [notice] child pid 27126 exit signal 
Segmentation fault (11), possible coredump in /usr/local/apache
[Sun Jun 23 18:05:59 2002] [notice] child pid 27127 exit signal 
Segmentation fault (11), possible coredump in /usr/local/apache
[Sun Jun 23 18:06:01 2002] [notice] child pid 27138 exit signal 
Segmentation fault (11), possible coredump in /usr/local/apache
[Sun Jun 23 18:06:03 2002] [notice] child pid 27139 exit signal 
Segmentation fault (11), possible coredump in /usr/local/apache
[Sun Jun 23 18:06:05 2002] [notice] child pid 27140 exit signal 
Segmentation fault (11), possible coredump in /usr/local/apache
[Sun Jun 23 18:06:07 2002] [notice] child pid 27141 exit signal 
Segmentation fault (11), possible coredump in /usr/local/apache
[Sun Jun 23 18:06:10 2002] [notice] child pid 27142 exit signal 
Segmentation fault (11), possible coredump in /usr/local/apache

I have attempted to get a tcpdump of the web transaction that happens 
right before this error shows up but I lost the one that I was able to 
grab.  I am continuing to run tcp dump in case it happens again (which 
it most likely will as it's been happening a few times a day for the 
last couple days since I upgraded)

http://myip/server-info gives the following info

Server Version: Apache/1.3.26 (Unix) PHP/4.2.1 mod_gzip/1.3.19.1a
Server Built: Jun 21 2002 22:14:40
API Version: 19990320:13
Run Mode: standalone
User/Group: apache(48)/233
Daemons: start: 5    min idle: 5    max idle: 10    max: 150
Max Requests: per child: 0    keep alive: on    max per connection: 100
Threads: per child: 0   
Excess requests: per child: 0   
Timeouts: connection: 300    keep-alive: 15
Server Root: /usr/local/apache
Config File: conf/httpd.conf
PID File: /usr/local/apache/logs/httpd.pid
Scoreboard File: /usr/local/apache/logs/httpd.scoreboard

I have tried using the mod_blowchunks that was posted to bugtraq and it 
catches the 1.3.24 chunk request errors. But doesn't catch this error 
when it happens.

The results when this happens is like the 1.3.24 exploit.  My Apache 
becomes unresponsive and my process list shows many httpd <dfunc>.

Has anyone seen this with 1.3.26???  Or should I be sending this in as a 
possible 1.3.26 exploit?

--Mike



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message