Bug 1301762

Summary: apache-core: zero day or escalation bug
Product: [Fedora] Fedora
Reporter: Richard Jasmin <spike85051>
Component: distribution
Assignee: Václav Pavlín <vpavlin>
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent
Docs Contact:
Priority: unspecified
Version: 22
CC: dennis, kevin
Target Milestone: ---
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-01-25 23:47:31 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:

Description Richard Jasmin 2016-01-25 23:11:54 UTC
Description of problem:
I don't know where or how to categorize this. There seems to have been a major breakage via exploit this past week with apache.
Outside folk are able to remove/edit images within a wordpress installation, break themes, break WP logins and edit the htaccess files left on a server, causing forced 500 errors.

Yes, my permissions are the recommended ones.

Touche if dreamhost is breaking things but I don't think this is the case here.
They run ubuntu but, this is significant enough to have the rest of us check the upstream code to check for the vulnerability. If they don't update, shame on Canonical. WE KNOW BETTER! Time to put the exploit to bed.

Version-Release number of selected component (if applicable):
N/A

How reproducible:
??
Triggered this week (via botnet?) at Dreamhost.

Steps to Reproduce:
not yet known

Actual results:
devastating recurring disaster until site is re-upped and all passwords reset. booted out of site during this reset phase. plugins were not helping the matter. htaccess obviously needs to be fixed to restore functionality.

Expected results:
This should never happen from outside. Indicative of a zero day or escalation bug.

Additional info:
Linux christopher 3.2.61-grsec-modsign #1 SMP Tue Aug 12 09:58:26 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

ndn-apache22   2.2.31-2       Dreamhost Apache 2.2 package

This is the most info I can seem to retrieve as a non-root user. Host has been notified of the intrusion.

Comment 1 Kevin Fenzi 2016-01-25 23:47:31 UTC
This seems to be some issue with another distro, which is not anything we can do anything about.

If you isolate some specific httpd/apache or wordpress bugs here, feel free to file bugs on those components and we can make sure the versions we ship are fixed for them.