SwiftD's questions

我不完全确定这是否是这个问题的正确位置，但我想构建一个服务器来运行一些实验并且我正在考虑 arm，我的大部分代码都可以编译为在 arm 上运行，但会有一些外部依赖项它可能必须在 x86 上运行，所以我试图了解它的外观。

我知道从 arm 运行 x86 应用程序会降低性能。我不完全清楚这是如何处理的——例如，我假设如果给定的应用程序没有为 arm 编译，它将不会在 arm 环境中本地运行，那么调用这样一个应用程序的过程是什么——例如操作系统是否识别它作为一个可执行文件并以某种方式在后台模拟 x86 调用（我猜可能依赖于操作系统），或者您是否必须启动一个完整的虚拟化 x86 环境才能运行这些 x86 应用程序。

我使用了一系列虚拟化技术，我对这将如何影响典型的 2 类管理程序特别感兴趣（从 x86 到 x86 与 arm 到 x86 是否有额外的惩罚，以及无论如何映射窗口调用的 wine 之类的东西 - 是在这个时候甚至支持这个？

希望简要说明其工作原理以及所描述操作的任何性能基准的链接

我一直在对我们的网络服务器进行一些渗透测试，它提出了一些问题。其中之一是 apache 需要安全更新（http://www.ubuntu.com/usn/usn-1765-1/）。

我正在运行 ubuntu 12.04 LTS，该页面上的说明建议运行

apt-get 更新

其次是

apt-get 升级

将解决问题，不幸的是我被告知没有要更新的软件包。我尝试从链接下载压缩包，但现在我已经解压缩了，我不确定如何处理它。

搜索谷歌似乎轰炸了有关如何安装 apache 的说明，但如果有人知道这将是一个很棒的指南。非常感谢任何建议。

apt-cache 策略 apache2 的输出：

apache2:
  Installed: 2.2.22-1ubuntu1.4
  Candidate: 2.2.22-1ubuntu1.4
  Version table:
 *** 2.2.22-1ubuntu1.4 0
        500 http://mirror.rackspace.com/ubuntu/ precise-updates/main amd64 Packages
        500 http://mirror.rackspace.com/ubuntu/ precise-security/main amd64 Packages
        100 /var/lib/dpkg/status
     2.2.22-1ubuntu1 0
        500 http://mirror.rackspace.com/ubuntu/ precise/main amd64 Packages

dpkg -l apache* 的输出

Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version        Description
+++-==============-==============-============================================
un  apache         <none>         (no description available)
un  apache-common  <none>         (no description available)
un  apache-utils   <none>         (no description available)
ii  apache2        2.2.22-1ubuntu Apache HTTP Server metapackage
un  apache2-common <none>         (no description available)
un  apache2-doc    <none>         (no description available)
un  apache2-mpm    <none>         (no description available)
un  apache2-mpm-ev <none>         (no description available)
un  apache2-mpm-it <none>         (no description available)
ii  apache2-mpm-pr 2.2.22-1ubuntu Apache HTTP Server - traditional non-threade
un  apache2-mpm-wo <none>         (no description available)
un  apache2-suexec <none>         (no description available)
un  apache2-suexec <none>         (no description available)
ii  apache2-utils  2.2.22-1ubuntu utility programs for webservers
ii  apache2.2-bin  2.2.22-1ubuntu Apache HTTP Server common binary files
ii  apache2.2-comm 2.2.22-1ubuntu Apache HTTP Server common files

以下是突出问题的渗透测试内容：

    Apache Partial HTTP Request Denial of Service Vulnerability - Zero Day  


QID:
    86847
Category:
    Web server
CVE ID:
    -
Vendor Reference
    -
Bugtraq ID:
    -
Service Modified:
    05/30/2013
User Modified:
    -
Edited:
    No
PCI Vuln:
    No

THREAT:
    The Apache HTTP Server, commonly referred to as Apache is a freely available Web server.

    Apache is vulnerable to a denial of service due to holding a connection open for partial HTTP requests.

    Apache Versions 1.x and 2.x are vulnerable.
IMPACT:
    A remote attacker can cause a denial of service against the Web server which would prevent legitimate users from accessing the site.

    Denial of service tools and scripts such as Slowloris takes advantage of this vulnerability.
SOLUTION:
    Patch -
    There are no vendor-supplied patches available at this time.

    Workaround:
    - Reverse proxies, load balancers and iptables can help to prevent this attack from occurring.

    - Adjusting the TimeOut Directive can also prevent this attack from occurring.

    - A new module mod_reqtimeout has been introduced since Apache 2.2.15 to provide tools for mitigation against these forms of attack.

    Also refer to Cert Blog and Slowloris and Mitigations for Apache document for further information.
COMPLIANCE:
    Not Applicable
EXPLOITABILITY:
    There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
    There is no malware information for this vulnerability.
RESULTS:
    QID: 86847 detected on port 80 over TCP - Apache/2.2.22 (Ubuntu)


3
    Apache HTTP Server Prior to 2.2.23 Multiple Vulnerabilities     


QID:
    87133
Category:
    Web server
CVE ID:
    CVE-2012-2687 CVE-2012-0883 
Vendor Reference
    Apache
Bugtraq ID:
    53046, 55131
Service Modified:
    01/02/2013
User Modified:
    -
Edited:
    No
PCI Vuln:
    Yes

THREAT:
    Apache HTTP Server is an HTTP web server application.

    Apache server prior to version 2.2.23 is affected by multiple issues:

    Insecure LD_LIBRARY_PATH handling

    Cross-site scripting in mod_negotiation when untrusted uploads are supported Affected Versions:
    Apache HTTP Server prior to version 2.2.23
IMPACT:
    Successful exploitation may lead to execution of arbitrary code on the system within the context of the affected applications.

SOLUTION:
    These vulnerabilities have been patched in Apache 2.2.23. Refer to Apache httpd 2.2 Security Vulnerabilities.

    Patch:
    Following are links for downloading patches to fix the vulnerabilities:

    Apache 2.2.23 (Apache HTTP Server)
COMPLIANCE:
    Not Applicable
EXPLOITABILITY:
    There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
    There is no malware information for this vulnerability.
RESULTS:
    QID 87133 detected on port 80 - Apache/2.2.22 (Ubuntu)


3
    Apache Prior to 2.4.4 and 2.2.24 Multiple Vulnerabilities   port 80/tcp


QID:
    87156
Category:
    Web server
CVE ID:
    CVE-2012-3499 CVE-2012-4558 
Vendor Reference
    Apache httpd 2.2 Vulnerabilities, Apache httpd 2.4 Vulnerabilities
Bugtraq ID:
    58165
Service Modified:
    05/22/2013
User Modified:
    -
Edited:
    No
PCI Vuln:
    Yes

THREAT:
    Apache HTTP Server is an HTTP web server application.

    Apache HTTP Server is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

    - Various XSS flaws exist due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp.

    - A XSS flaw affects the mod_proxy_balancer manager interface.

    Affected Versions:
    Apache HTTP Server prior to 2.4.4
    Apache HTTP Server prior to 2.2.24
IMPACT:
    An attacker may leverage these issues to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker launch additional attacks. 
SOLUTION:
    These vulnerabilities have been patched in Apache 2.2.24 and 2.4.4. Refer to Apache httpd 2.4.4 Changelog and Apache httpd 2.2.24 Changelog.

    Ubuntu users refer to Ubuntu advisory USN-1765-1 for affected packages and patching details, or update with your package manager.

    Patch:
    Following are links for downloading patches to fix the vulnerabilities:

    Apache 2.2.24 (Apache HTTP Server 2.2.24)

    Apache 2.4.4 (Apache HTTP Server 2.4.4)
COMPLIANCE:
    Not Applicable
EXPLOITABILITY:
    There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
    There is no malware information for this vulnerability.
RESULTS:
    QID 87156 detected on port 80 - Apache/2.2.22 (Ubuntu)


3
    Apache HTTP Server Prior to 2.2.25 Multiple Vulnerabilities     port 80/tcp


QID:
    87233
Category:
    Web server
CVE ID:
    CVE-2013-1896 CVE-2013-1862 
Vendor Reference
    Apache 2.2.25
Bugtraq ID:
    -
Service Modified:
    07/15/2013
User Modified:
    -
Edited:
    No
PCI Vuln:
    Yes

THREAT:
    Apache HTTP Server is an HTTP web server application.

    Apache HTTP Server versons before to 2.2.25 are exposed to following vulnerabilities: mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator (CVE-2013-1862).
    mod_dav.c in the Apache HTTP Server versions before 2.2.25 do not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI (CVE-2013-1896).
IMPACT:
    Successfully exploiting these vulnerabilities might allow a remote attacker to execute code or cause denial of service.
SOLUTION:
    These vulnerabilities have been patched in Apache 2.2.25. Refer to Apache httpd 2.2.25 Changelog.

    Patch:
    Following are links for downloading patches to fix the vulnerabilities:

    Apache 2.2.25
COMPLIANCE:
    Not Applicable
EXPLOITABILITY:
    There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
    There is no malware information for this vulnerability.
RESULTS:
    QID 87233 detected on port 80 - Apache/2.2.22 (Ubuntu)