An Apache Web Server Bug That Grants Root Access on Shared Web Hosts

A flaw in Apache HTTP Server software recently came into limelight. The Apache HTTP Server is a popular open source web server powers 40% of the whole Internet. A security engineer from Ambionics Security firm recently tweeted about the vulnerability, and it has been patched since then by the Apache developers in the latest version 2.4.39

The versions vulnerable to the flaws are versions 2.4.17 to 2.4.38. The flaw may lead an unauthorized user to execute arbitrary code with root privileges on the targeted server.

In his blog post, Charles Fol, the security engineer who first discovered the flaw stated that how an attacker can exploit this flaw in 4 before mentioned steps:

Obtain R/W access on a worker process,

Write a fake prefork_child_bucket structure in the SHM,

Make all_buckets[bucket] point to the structure,

Await 6:25AM to get an arbitrary function call.

Tag : Apache

An Apache Web Server Bug That Grants Root Access on Shared Web Hosts

Related tutorials in An Apache Web Server Bug That Grants Root Access on Shared Web Hosts

Related forums in An Apache Web Server Bug That Grants Root Access on Shared Web Hosts

Related news in An Apache Web Server Bug That Grants Root Access on Shared Web Hosts