Hi,

Hope you must have heard about the latest Apache nightmare.

http://www.infoq.com/news/2011/08/apache-killer
http://www.fastcompany.com/1776321/the-biggest-little-threat-to-kill-the-internet-you-didnt-know-about
http://www.theregister.co.uk/2011/08/24/devastating_apache_vuln/

My co-admin ran the killer script on some Linux servers and within seconds all the CPUs turned 100% and the servers started to crawl. I made him run it on an old OpenBSD 4.7 (released 1.5 years back) webserver and it made no effect! Also I found this true of the latest version of OpenBSD here.

http://marc.info/?l=openbsd-misc&m=131424693000610&w=2

It seems this was already fixed in the OpenBSD's much before. The vulnerability was known since Jan 2007, as you can see from

http://seclists.org/bugtraq/2007/Jan/83

I wonder why Apache developers or any Linux vendor fix it. I guess for any critical Apache services it is better to run the OpenBSD's patched version that comes along with the OS. Years back one of the OpenBSD developers told that Apache has not incorporated many security fixes they have provided because of very silly reasons.

http://marc.info/?l=openbsd-misc&m=108786980513755&w=2

It is when things like this happen most people think about security!

Thanks
--Siju

_______________________________________________
Indian Libre User Group Cochin Mailing List
http://www.ilug-cochin.org/mailing-list/
http://mail.ilug-cochin.org/mailman/listinfo/mailinglist_ilug-cochin.org
