Date: Thu, 27 Jun 2002 10:17:49 -0600 (MDT) From: Brett Glass <brett@lariat.org> To: bright@mu.org, odela01@ca.com Cc: freebsd-security@FreeBSD.ORG Subject: Re: resolv and dynamic linking to compat libc Message-ID: <200206271617.KAA04440@lariat.org> In-Reply-To: <20020627071849.GG18877@elvis.mu.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Last night, I saw an attempted attackl that may have been an attempt to subvert a build of Apache 2.0.39 built with the buggy libc. Apache had spawned dozens of child processes, which all hung (they were trying to double-free memory) and the server was completely locked up. As far as I can tell, the intruder didn't make it in but did manage to mess up Apache's unprivileged child processes -- a first step. Apache is one of the most likely targets for a libc exploit, because so many servers run it. Beware, folks; the most important programs to rebuild are daemons like Apache, which are often statically linked and which you may or may not have installed as ports. (I built it straight from the Apache Project tarball.) And if you've installed anything as a binary package, be careful! As I've mentioned before on this list, the packages on the FreeBSD servers are not rebuilt nightly (as they should be). Every package on the public servers is probably STILL built with the faulty libc. Whoever manages ftp.freebsd.org should immediately take the package collection offline until the entire collection is rebuilt, and then make sure the mirrors get it. It would also be nice to start seeing those nightly builds (using make, of course, so that effort is not wasted if nothing has changed). --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200206271617.KAA04440>