Your Daily Source for Apache News and Information  
Breaking News Preferences Contribute Triggers Link Us Search About
Apache Today [Your Apache News Source] To

Free trial with SiteScope. $10 Amazon Certificate.

Apache HTTPD Links
The Jakarta Project
Apache XML Project
Apache Project
The Java Apache Project
Apache-Perl Integration Project
PHP Server Side Scripting
The Apache Software Foundation
The Apache FAQ
Apache Module Registry
Apache-Related Projects

Internet News
Internet Investing
Internet Technology
Windows Internet Tech.
Linux/Open Source
Web Developer
ISP Resources
ASP Resources
Wireless Internet
Internet Resources
Internet Lists
Career Resources

Advertising Info
Corporate Info
Apache 1.3 Security Fix Available for Win32/OS2 users
May 13, 2001, 04 :50 UTC (0 Talkback[s]) (2541 reads)

(From the Apache announcements list.)

Date: Sat, 12 May 2001 16:21:13 -0500
From: "William A. Rowe, Jr."
Subject: [Announce] Apache 1.3 Security Fix Available for Win32/OS2 users
Ports Affected: Windows 95, 98, ME, NT and 2000, OS2/Warp

Versions Affected: 1.3 [all subversions through .19]

Patch: Available

Replacement Binary: Available for Apache 1.3.19

An exploit was recently reported that allows a malicious user to terminate the Apache server running on Win32 or OS2.

Depending on the specific OS version, the server would stop listening to further requests, and prompt the operator that the Apache.exe process had performed an illegal operation, and would remain hung until the administrator cleared the fault.

In all cases the server would not respond until it completed its restart, which could take one minute or more depending on the server's configuration. Any replies in process from the server would be terminated.

No other operating systems are effected by the vulnerability. We are not aware of any exploits of this vulnerability other than the denial of service.

The fixfault_win32_os2-1.3.19.patch file is available from:

Since many Win32 and OS2 users rely on soley on binary releases, the replacement for the core binary module file is available in the win32 and os2 directories:

Please read the information on those download pages carefully, and be sure to back up your existing ApacheCore.dll file before replacing it with this binary.

Note that users of non-standard distributions, such as the Apache-EAPI extensions or ApacheSSL-enabled servers _cannot_ use this patched binary. Either refer to the distributor or vendor of your Apache build for updated binaries, or apply the patch to the sources, where available, and recompile the server.

Users of older versions of Apache on Win32 and OS2 platforms are cautioned to to upgrade to 1.3.19 and apply this fix. All Win32 and OS2 users are strongly encouraged to upgrade to 1.3.20 once it is released. A large number of Win32 bugs have been identified over time, and 1.3.20 will introduce more fixes for Win32.

Configuration help for Windows users is by peer-support at the newsgroup:

  Current Newswire:
Daemon News: Jakarta-Tomcat on FreeBSD 4.4

Moto, a compilable server-side scripting language

SECURITY: Flaws Found in PHP Leave Web Servers Open to Attack

Everything Solaris: Apache: Handling Traffic

LinuxEasyInstaller 2.0 final release

Apache 2.0.32 beta is available

Everything Solaris: Apache: The Basics

Apache Jakarta James Mailserver v2.0a2 Released

PostgreSQL v7.2 Final Release

Daemon News: Multiple webservers behind one IP address

No talkbacks posted.
Enter your comments below.
Your Name: Your Email Address:

Subject: CC: [will also send this talkback to an E-Mail address]

See our talkback-policy for or guidelines on talkback content.

About Triggers Media Kit Security Triggers Login

All times are recorded in UTC.
Linux is a trademark of Linus Torvalds.
Powered by Linux 2.4, Apache 1.3, and PHP 4
Copyright 2002 INT Media Group, Incorporated All Rights Reserved.
Legal Notices,  Licensing, Reprints, & Permissions,  Privacy Policy.