The Internet is becoming more susceptible to a variety of security risks due to problems in the software behind it. A new bug in Apache has recently been found that allows people to run malicious programs or access data. Bugs have also been discovered in Windows 2000 that allow people to gain rights that allow access to files and accounts on the server.
Apache users who have version 2.0.39 and earlier are vulnerable to the exploit, provided they are using a non-UNIX platform like Windows and OS/2 (UNIX platforms aren't effected). The problem arises when a user fails to execute a script – when this happens the full path can be revealed and this is exactly the sort of information a hacker is seeking, this also opens up the possibility of hackers running applications on the server.
Luckily the Apache software is normally used on UNIX based systems so this flaw doesn't concern the majority of users. A patch is available from the Apache web site and this solves the issue.
With Windows 2000 there is a problem affecting the NCM (Network Connection Manager) and this allows hackers to (through a quite difficult method) use the NCM to run programs with full privileges, although they would need a lower privilege to do so, which can be available from workstations/Terminal Services servers on many networks. There is also a patch available from Microsoft to solve this issue and the relative risk is low.
News source: ZDNet
View: Apache Homepage
-1 Comments - Add comment