Red Hat has released a range of patches for its Linux 7.1, 7.2 and 7.3 versions, which previously allowed a local user to fire off denial of service attacks.
The real issue comes with the Apache Web server. It was discovered that if someone gained access to the main configuration and access-restriction files used with Apache, they could execute arbitrary code, i.e. set up a denial of service attack. They could also gain increased system privileges, increasing the possibility of other hacks.
All users of Apache have been advised to upgrade, at the same time shutting down other holes. It affects all versions prior to 1.3.29. The actual vulnerability, CAN-2003-0542, is eloquently described as "Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures." Read more here.
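For administrators who want to check existing configuration and .htaccess files for the condition the advisory describes, the following is an added example (not code from Apache or Red Hat) that flags mod_alias and mod_rewrite directives whose regular expression has more than 9 captures. The directive list, the function names and the sample configuration are assumptions made for illustration.

```python
import re

# Regex-taking directives of mod_alias and mod_rewrite, the modules named in CAN-2003-0542.
DIRECTIVES = {"aliasmatch", "scriptaliasmatch", "redirectmatch",
              "rewriterule", "rewritecond"}
MAX_CAPTURES = 9  # the advisory's threshold: "more than 9 captures"
TOKEN = re.compile(r'"(?:[^"\\]|\\.)*"|\S+')  # quoted or bare argument

def count_captures(pattern):
    """Count '(' that open a group in a POSIX extended regex (all groups capture)."""
    count, i, n = 0, 0, len(pattern)
    while i < n:
        c = pattern[i]
        if c == "\\":            # escaped character, e.g. \( is a literal paren
            i += 2
            continue
        if c == "[":             # bracket expression: parens inside are literal
            i += 1
            if i < n and pattern[i] == "^":
                i += 1
            if i < n and pattern[i] == "]":   # a leading ] is a literal member
                i += 1
            while i < n and pattern[i] != "]":
                i += 1
        elif c == "(":
            count += 1
        i += 1
    return count

def audit(config_text):
    """Return (line_number, directive, captures) for directives over the threshold."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        tokens = TOKEN.findall(line.strip())
        if not tokens or tokens[0].lower() not in DIRECTIVES:
            continue
        # Conservative: take the largest count over all arguments instead of
        # working out which argument is the pattern for each directive.
        worst = max((count_captures(t.strip('"')) for t in tokens[1:]), default=0)
        if worst > MAX_CAPTURES:
            findings.append((lineno, tokens[0], worst))
    return findings

# Constructed sample configuration, not taken from a real server.
SAMPLE = r'''
RewriteEngine on
RewriteRule ^/(a)(b)(c)(d)(e)(f)(g)(h)(i)(j)$ /x/$1
AliasMatch ^/icons/(.*)$ /usr/local/apache/icons/$1
RedirectMatch permanent "^/old/\((.*)\)[(]$" http://www.example.com/new/$1
'''

if __name__ == "__main__":
    for lineno, name, n in audit(SAMPLE):
        print(f"line {lineno}: {name} has {n} captures")
```

A finding on a server running a release before 1.3.29 marks a file to review alongside the upgrade; the check does not handle backslash line continuations.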
Just today, 13 NASA websites were defaced using Apache and Linux exploits. A Brazilian hacker group apparently used a PHP script to get to the local level of Linux through Apache and then used a known hole in the Linux kernel to get admin rights. Having got that far they then displayed their knowledge and wisdom of non-IT related matters by incoherently ranting about the Iraq war. Still, it's the thought that counts.
For those wanting to read more, or download the updates, visit the Apache site here.