Red Hat Bugzilla – Bug 1301762
apache-core: zero day or escalation bug
Last modified: 2016-01-25 18:47:31 EST
Description of problem:
I don't know where or how to categorize this. There seems to have been a major breakage via exploit this past week with Apache.
Outside folk are able to remove/edit images within a WordPress installation, break themes, break WP logins and edit the htaccess files left on a server, causing forced 500 errors.
Yes, my permissions are the recommended ones.
Touché if Dreamhost is breaking things, but I don't think this is the case here.
They run Ubuntu, but this is significant enough to have the rest of us check the upstream code to check for the vulnerability. If they don't update, shame on Canonical. WE KNOW BETTER! Time to put the exploit to bed.
Version-Release number of selected component (if applicable):
Triggered this week (via botnet?) at Dreamhost.
Steps to Reproduce:
not yet known
Devastating recurring disaster until site is re-upped and all passwords reset. Booted out of site during this reset phase. Plugins were not helping the matter. htaccess obviously needs to be fixed to restore functionality.
This should never happen from outside. Indicative of a zero day or escalation bug.
Linux christopher 3.2.61-grsec-modsign #1 SMP Tue Aug 12 09:58:26 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
ndn-apache22 2.2.31-2 Dreamhost Apache 2.2 package
This is the most info I can seem to retrieve as a non-root user. Host has been notified of the intrusion.
This seems to be some issue with another distro, which is not something we can do anything about.
If you isolate some specific httpd/apache or WordPress bugs here, feel free to file bugs on those components and we can make sure the versions we ship are fixed for them.