A patchy Apache a-patchin: HTTP server gets fix for worrying root access hole

More from: | The Register |
0

Rogue ‘worker’ processes can sneak in with elevated privileges at startup

Apache HTTP Server has been given a patch to address a potentially serious elevation of privilege vulnerability.

Designated CVE-2019-0211, the flaw allows a “worker” process to change its privileges when the host server resets itself, potentially allowing anyone with a local account to run commands with root clearance, essentially giving them complete control over the targeted machine.

The bug was discovered by researcher Charles Fol of security shop Ambionics, who privately reported the issue to Apache. Admins can get the vulnerability sealed up by making sure their servers are updated to version 2.4.39 or later.

While elevation of privilege vulnerabilities are not generally considered particularly serious bugs (after all,

(...)

Read full article » http://go.theregister.com/feed/www.theregister.co.uk/2019/04/03/apache_server_fix/


About | The Register |

The Register is a leading global online tech publication, with more than nine million monthly unique browsers worldwide. The core audiences are the UK and US, accounting for more than six million. The bulk of the remaining readership are located in Canada, Australia and northern Europe.

Starting out in London in 1994 as an occasional email newsletter, The Register began publishing online daily in 1998. Today The Register is headquartered in London, San Francisco and Sydney and the sun never sets on its reporting team around the world.

»Twitter: @TheRegister »Facebook: @VultureCentral