Ubuntu
modsecurity-apache package

apache2 crash with modsecurity secremoterules

Bug #1916108 reported by Malware.Expert
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
modsecurity-apache (Ubuntu)
New
Undecided
Unassigned

Bug Description

Modsecurity configuration try load remote rules:
SecRemoteRules serial.key https://rules.malware.expert/download.php?rules=generic

Causing crash:
Feb 19 04:42:47 localhost systemd[1]: Starting The Apache HTTP Server...
Feb 19 04:42:48 localhost kernel: [40737.981217] apache2[10455]: segfault at 2d ip 00007fc0b6c1c14b sp 00007ffc0de6b730 error 4 in mod_security2.so[7fc0b6bf2000+47000]
Feb 19 04:42:48 localhost kernel: [40737.981227] Code: e8 6a 6d fd ff 66 2e 0f 1f 84 00 00 00 00 00 41 57 41 56 41 55 49 89 f5 41 54 55 4c 89 c5 53 48 89 d3 48 0f af d9 48 83 ec 08 <4d> 8b 60 08 4d 85 e4 75 5c 49 89 ff 48 8d 7b 01 4d 89 ce e8 1d 63
Feb 19 04:42:49 localhost apachectl[10445]: Segmentation fault (core dumped)
Feb 19 04:42:49 localhost apachectl[10445]: Action 'start' failed.
Feb 19 04:42:49 localhost apachectl[10445]: The Apache error log may have more information.
Feb 19 04:42:49 localhost systemd[1]: apache2.service: Control process exited, code=exited, status=139/n/a
Feb 19 04:42:49 localhost systemd[1]: apache2.service: Failed with result 'exit-code'.
Feb 19 04:42:49 localhost systemd[1]: Failed to start The Apache HTTP Server.

There is BUG in modsecurity 2.9.3 with secremoterules if sources are downloaded in: https://www.modsecurity.org/tarball/2.9.3/modsecurity-2.9.3.tar.gz

More information:
https://github.com/SpiderLabs/ModSecurity/issues/1982

#lsb_release -rd
Description: Ubuntu 20.04.2 LTS
Release: 20.04

#apt-cache policy libapache2-mod-security2
libapache2-mod-security2:
  Installed: 2.9.3-1
  Candidate: 2.9.3-1
  Version table:
 *** 2.9.3-1 500
        500 http://us.archive.ubuntu.com/ubuntu focal/universe amd64 Packages
        100 /var/lib/dpkg/status

Revision history for this message
Gary (gevensen) wrote :

You can close this I am the one person affected by this. I saw modsec has 3.0.4 now so i upgraded and it is working now

Revision history for this message
Malware.Expert (malware-expert) wrote : Re: [Bug 1916108] Re: apache2 crash with modsecurity secremoterules

Hi Gary,

ok, let see when they answer if answer (i'll keep open for that).

You can delete my account your server.

--
Best Regards
- Jani
------------------------------
Commercial WAF Rules || sRBL DataBase || Malware Signatures || Free RBL DataBase || Malware Scanner
email: <email address hidden>
www: http://malware.expert

March 6, 2021 7:45 PM, "Gary" <email address hidden> wrote:

> You can close this I am the one person affected by this. I saw modsec
> has 3.0.4 now so i upgraded and it is working now
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1916108
>
> Title:
> apache2 crash with modsecurity secremoterules
>
> Status in modsecurity-apache package in Ubuntu:
> New
>
> Bug description:
> Modsecurity configuration try load remote rules:
> SecRemoteRules serial.key https://rules.malware.expert/download.php?rules=generic
>
> Causing crash:
> Feb 19 04:42:47 localhost systemd[1]: Starting The Apache HTTP Server...
> Feb 19 04:42:48 localhost kernel: [40737.981217] apache2[10455]: segfault at 2d ip 00007fc0b6c1c14b
> sp 00007ffc0de6b730 error 4 in mod_security2.so[7fc0b6bf2000+47000]
> Feb 19 04:42:48 localhost kernel: [40737.981227] Code: e8 6a 6d fd ff 66 2e 0f 1f 84 00 00 00 00 00
> 41 57 41 56 41 55 49 89 f5 41 54 55 4c 89 c5 53 48 89 d3 48 0f af d9 48 83 ec 08 <4d> 8b 60 08 4d
> 85 e4 75 5c 49 89 ff 48 8d 7b 01 4d 89 ce e8 1d 63
> Feb 19 04:42:49 localhost apachectl[10445]: Segmentation fault (core dumped)
> Feb 19 04:42:49 localhost apachectl[10445]: Action 'start' failed.
> Feb 19 04:42:49 localhost apachectl[10445]: The Apache error log may have more information.
> Feb 19 04:42:49 localhost systemd[1]: apache2.service: Control process exited, code=exited,
> status=139/n/a
> Feb 19 04:42:49 localhost systemd[1]: apache2.service: Failed with result 'exit-code'.
> Feb 19 04:42:49 localhost systemd[1]: Failed to start The Apache HTTP Server.
>
> There is BUG in modsecurity 2.9.3 with secremoterules if sources are
> downloaded in:
> https://www.modsecurity.org/tarball/2.9.3/modsecurity-2.9.3.tar.gz
>
> More information:
> https://github.com/SpiderLabs/ModSecurity/issues/1982
>
> #lsb_release -rd
> Description: Ubuntu 20.04.2 LTS
> Release: 20.04
>
> #apt-cache policy libapache2-mod-security2
> libapache2-mod-security2:
> Installed: 2.9.3-1
> Candidate: 2.9.3-1
> Version table:
> *** 2.9.3-1 500
> 500 http://us.archive.ubuntu.com/ubuntu focal/universe amd64 Packages
> 100 /var/lib/dpkg/status
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/modsecurity-apache/+bug/1916108/+subscriptions

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.