Apple has released a patch for its top 40 vulnerabilities.

Apple has come out with a patch to fix the top 40 vulnerabilities in its Mac OS X ecosystem. The security update, which is available for Apple Leopard and Tiger, covers most of the third-party application flaws as well as the Mac OS X flaws.

The major risk from these flaws was remote code execution attacks.

The top vulnerabilities documented are as follows:

  • Apache (CVE-2007-6420, CVE-2008-1678, CVE-2008-2364) Apache is updated to version 2.2.9 to address several vulnerabilities, the most serious of which may lead to cross-site request forgery. Note: Apache version 2 is bundled with Mac OS X Server v10.4.x systems, but is not active by default.
  • ClamAV (CVE-2008-1389, CVE-2008-3912, CVE-2008-3913, CVE-2008-3914) Multiple vulnerabilities exist in ClamAV 0.93.3, the most serious of which may lead to arbitrary code execution.
  • ColorSync (CVE-2008-3642) A buffer overflow exists in the handling of images with an embedded ICC profile. Opening a maliciously crafted image with an embedded ICC profile may lead to an unexpected application termination or arbitrary code execution.
  • CUPS (CVE-2008-3641) A range checking issue exists in the Hewlett-Packard Graphics Language (HPGL) filter, which may cause arbitrary memory to be overwritten with controlled data. If Printer Sharing is enabled, a remote attacker may be able to cause arbitrary code execution with the privileges of the ‘lp’ user. If Printer Sharing is not enabled, a local user may be able to obtain elevated privileges.
  • libxslt (CVE-2008-1767) A heap buffer overflow issue exists in the libxslt library. Viewing a maliciously crafted HTML page may lead to an unexpected application termination or arbitrary code execution.
  • MySQL Server (CVE-2007-2691, CVE-2007-5969, CVE-2008-0226, CVE-2008-0227, CVE-2008-2079) MySQL is updated to version 5.0.67 to address several vulnerabilities, the most serious of which may lead to arbitrary code execution.
  • PHP (CVE-2007-4850, CVE-2008-0674, CVE-2008-2371) PHP is updated to version 4.4.9 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution.
  • PSNormalizer (CVE-2008-3647) A buffer overflow exists in PSNormalizer’s handling of the bounding box comment in PostScript files. Viewing a maliciously crafted PostScript file may lead to an unexpected application termination or arbitrary code execution.
  • QuickLook (CVE-2008-4211) A signedness issue exists in QuickLook’s handling of columns in Microsoft Excel files, which may result in an out-of-bounds memory access. Downloading or viewing a maliciously crafted Microsoft Excel file may lead to an unexpected application termination or arbitrary code execution.

This will definitely make using Apple products much safer and increase the faith of people who want to go for MacBooks and Macs.

Posted under Latest News, Network and Security

This post was written by Brad on October 11, 2008

Tags: Apache, Apple Leopard, Apple Tiger, ClamAV, Mac OS X ecosystem, MySQL Server, PHP

How to configure Apache server on LINUX.

How to configure Apache server and run your own website on LINUX.

(Configure the /etc/httpd/conf/httpd.conf file)

Log in to the shell and follow the commands below, which will help you understand how a website works on Apache.


First we have to get Apache installed on Linux Server.

#yum -y install httpd

Here httpd is the name of the Apache daemon, and of the package that installs it.

We can check whether Apache was successfully installed on the server with

#rpm -qa httpd

If it is installed properly, start the httpd service on the server

#service httpd start

cPanel is the most popular application software for managing Linux servers these days, so we will configure the web server with the layout cPanel uses, but do it manually from the shell.

Create a user with a home directory under /home

#cd /

#cd home/

#useradd waltz

Now we have to create a directory under that user which stores the web pages

#cd waltz

#mkdir public_html

Now create an index.html test page under your web directory public_html

#cd public_html

#touch index.html

Put in the HTML that you want to display as the web page.

#vi index.html

Once the vi editor is open, press “i” (keyboard key) to enter insert mode and write the following HTML

<html>
<head>
<title>Testing</title>
</head>
<body>
<p>This is my website</p>
</body>
</html>

Now we have created a test page which has the following path

/home/waltz/public_html/index.html

The directory that holds this page is what we have to set in the httpd.conf file; this is known as setting the DocumentRoot

#vi /etc/httpd/conf/httpd.conf

<VirtualHost your-ip-address:80>
ServerName your-servername
DocumentRoot "/home/waltz/public_html"
</VirtualHost>

Most importantly, we have to set UserDir to public_html

Now restart the httpd service

#service httpd restart

Until the domain is registered, you can access this site by IP address.

Put http://ip/~waltz into your browser

You will surely get a forbidden page or permission error. To troubleshoot it, set the following permissions

#chmod 771 /home/waltz
#chmod 750 /home/waltz/public_html
#chmod 644 /home/waltz/public_html/index.html

Set the ownership of public_html as follows

#chown waltz:nobody /home/waltz/public_html

Now access your website
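
If the page is still forbidden after these changes, one component between / and index.html is usually not passable for the account httpd runs as. The function below is an added example, not part of the original post: it walks the path and reports the first component whose mode bits block a given group. The name first_blocker, its parameters and the fb_ variables are hypothetical; pass the group named by the Group directive in httpd.conf.

```sh
#!/bin/sh
# Added example, not from the original post. Classic mode bits only:
# ACLs and SELinux are not evaluated. Requires GNU stat (Linux).
#
# first_blocker GROUP PATH [TOP]
#   GROUP  group the web server runs as (Group directive in httpd.conf)
#   PATH   absolute path of the file to be served
#   TOP    directory to start checking from (default /)
# Prints the first component the server cannot pass and returns 1,
# returns 0 if every component is passable, 2 on usage or stat errors.
# Example call: first_blocker nobody /home/waltz/public_html/index.html
first_blocker() {
    fb_group=$1
    fb_top=${3:-/}
    case $2 in /*) ;; *) return 2 ;; esac
    # Build the list of components, top directory first, file last.
    fb_p=$2
    fb_chain=$2
    while [ "$fb_p" != "$fb_top" ] && [ "$fb_p" != "/" ]; do
        fb_p=$(dirname "$fb_p")
        fb_chain="$fb_p
$fb_chain"
    done
    while IFS= read -r fb_c; do
        fb_st=$(stat -c '%a %G' "$fb_c") || return 2
        fb_mode=$((0${fb_st%% *}))      # octal mode, e.g. 750
        # The server is not the owner: group bits apply only when the
        # component's group is the server's group, otherwise "other" bits.
        if [ "${fb_st#* }" = "$fb_group" ]; then
            fb_bits=$(( (fb_mode >> 3) & 7 ))
        else
            fb_bits=$(( fb_mode & 7 ))
        fi
        # Directories need search (x = 1), the file itself needs read (r = 4).
        if [ -d "$fb_c" ]; then fb_need=1; else fb_need=4; fi
        if [ $(( fb_bits & fb_need )) -eq 0 ]; then
            echo "$fb_c"
            return 1
        fi
    done <<EOF
$fb_chain
EOF
    return 0
}
```

With the modes from this post, a server group other than the one set by chown is stopped at public_html (750), which is why the Group directive and the chown group have to match.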

Posted under Linux Hosting

This post was written by Waltz on October 3, 2008

Tags: Apache, Apache server, cPanel, httpd server, Linux