Bug 1301762 - apache-core: zero day or escalation bug
apache-core: zero day or escalation bug
Product: Fedora
Classification: Fedora
Component: distribution (Show other bugs)
All Linux
unspecified Severity urgent
: ---
: ---
Assigned To: Václav Pavlín
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2016-01-25 18:11 EST by Richard Jasmin
Modified: 2016-01-25 18:47 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-01-25 18:47:31 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Richard Jasmin 2016-01-25 18:11:54 EST
Description of problem:
I dont know where or how to catergorize this. There seems to have been a major breakage via exploit this past week with apache.
Outside folk are able to remove/edit images within wordpress installation, break themes, break WP logins and edit the htaccess files left on a server, causing forced 500 errors.

Yes, my permissions are the reccommended ones.

Touche if dreamhost is breaking things but I dont think this is the case here.
They run ubuntu but, this is significant enough to have the rest of us check the upstream code to check for the vulnerability.If they dont update, shame on canonocial.WE KNOW BETTER! Time to put the exploit to bed.

Version-Release number of selected component (if applicable):

How reproducible:
Triggered this week(via botnet?) at Dreamhost.

Steps to Reproduce:
not yet known

Actual results:
devastating recurring disaster until site is re-upped and all passwords reset. booted out of site during this reset phase. plugins were not helping the matter.htaccess obviously needs to be fixed to restore functionality.

Expected results:
This should never happen from outside. Indicative of a zero day or escalation bug.

Additional info:
Linux christopher 3.2.61-grsec-modsign #1 SMP Tue Aug 12 09:58:26 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

ndn-apache22   2.2.31-2       Dreamhost Apache 2.2 package

This is most info I can seem to retrieve as a non-root user.Host has been notified of the intrusion.
Comment 1 Kevin Fenzi 2016-01-25 18:47:31 EST
This seems to be some issue with another distro, which is not anything we can do anything about. 

If you isolate some specific httpd/apache or wordpress bugs here, feel free to file bugs on those components and we can make sure the versions we ship are fixed for them.

Note You need to log in before you can comment on or make changes to this bug.