From owner-freebsd-bugbusters Tue Jun 25 2:52:29 2002
Delivered-To: freebsd-bugbusters@freebsd.org
Received: from hotmail.com (oe55.pav2.hotmail.com [64.4.36.63])
by hub.freebsd.org (Postfix) with ESMTP
id 5EC1537B40C; Tue, 25 Jun 2002 02:49:32 -0700 (PDT)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
Tue, 25 Jun 2002 02:49:31 -0700
X-Originating-IP: [203.144.144.233]
From: "mont" <sl@hotmail.com>
To: <FreeBSD-gnats@freefall.freebsd.org>
Subject: =?windows-874?B?cGFydC10aW1lIDUsMDAwLTEwLDAwMCCk2LOh57fT5LTpICEhIQ==?=
Date: Tue, 25 Jun 2002 16:45:39 +0700
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_01FE_01C21C67.BCB0AE60"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <OE55MFqxLJzbcsDFCa000017fbb@hotmail.com>
X-OriginalArrivalTime: 25 Jun 2002 09:49:31.0844 (UTC) FILETIME=[9AF1D040:01C21C2D]
Sender: owner-freebsd-bugbusters@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-bugbusters.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-bugbusters>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-bugbusters>
X-Loop: FreeBSD.ORG
This is a multi-part message in MIME format.
------=_NextPart_000_01FE_01C21C67.BCB0AE60
Content-Type: text/plain;
charset="windows-874"
Content-Transfer-Encoding: quoted-printable
=
=C3=D0=BA=BA=A1=D2=C3=B7=D3=A7=D2=B9=A2=CD=A7=B8=D8=C3=A1=D4=A8=E3=B9=CD=B9=
=D2=A4=B5
=B7=D3=E4=B4=E9=A7=E8=D2=C2 =
=E1=C5=D0=CA=C3=E9=D2=A7=C3=D2=C2=E4=B4=E9=A7=D2=C1=A8=D2=A1=A1=D2=C3=B7=D3=
=A7=D2=B9=BC=E8=D2=B9=C3=D0=BA=BA
=BC=C1=C1=D5=C3=D2=C2=E4=B4=E9=C1=D2=A1=A1=C7=E8=D2 30,000 / =
=E0=B4=D7=CD=B9 =
=A8=D2=A1=A1=D2=C3=B7=D3=A7=D2=B9=E0=BE=D5=C2=A7=C7=D1=B9=C5=D0 2-3 =
=AA=D1=E8=C7=E2=C1=A7=E0=B7=E8=D2=B9=D1=E9=B9
=E2=CD=A1=D2=CA=C1=D2=B6=D6=A7=A4=D8=B3=E1=C5=E9=C7 !
=
=E0=CB=C5=D7=CD=E1=B5=E8=E0=BE=D5=C2=A7=A4=D8=B3=A8=D0=A4=C7=E9=D2=C1=D1=B9=
=CB=C3=D7=CD=E0=BB=C5=E8=D2
=A1=D2=C3=BA=C3=C3=C2=D2=C2=E1=B9=D0=B9=D3=B8=D8=C3=A1=D4=A8 =
International E-Business
=E0=C3=D5=C2=B9=C3=D9=E9=C7=D4=B8=D5=A1=D2=C3=B7=D3=A7=D2=B9 =
=B8=D8=C3=A1=D4=A8=B9=D2=B9=D2=AA=D2=B5=D4 =BA=B9 Internet=20
=
=E0=C3=D5=C2=B9=C3=D9=E9=E1=BC=B9=A1=D2=C3=B7=D3=A7=D2=B9=E0=BE=D4=E8=C1=C3=
=D2=C2=E4=B4=E9=BE=D4=E0=C8=C9=E3=B9=E1=B5=E8=C5=D0=E0=B4=D7=CD=B9
=
=E1=BC=B9=C3=D2=C2=E4=B4=E9=CD=C2=E8=D2=A7=A8=C3=D4=A7=A8=D1=A7=E1=BA=BA=B7=
=D3=A7=D2=B9 Part-time
15,000 =B6=D6=A7 60,000 =BA=D2=B7/=E0=B4=D7=CD=B9
=E0=C7=C5=D2=B7=D5=E8=B5=E9=CD=A7=E3=AA=E9 : 7- 14 =AA=C1. =
/=CA=D1=BB=B4=D2=CB=EC=20
=
=E1=BC=B9=C3=D2=C2=E4=B4=E9=CD=C2=E8=D2=A7=A8=C3=D4=A7=A8=D1=A7=E1=BA=BA=B7=
=D3=A7=D2=B9 full-time
30,000 =B6=D6=A7 170,000 =BA=D2=B7/=E0=B4=D7=CD=B9
=E0=C7=C5=D2=B7=D5=E8=B5=E9=CD=A7=E3=AA=E9 : 20- 40 =AA=C1. =
/=CA=D1=BB=B4=D2=CB=EC=20
=A2=E8=D2=C7=B4=D5 ! =CA=D3=CB=C3=D1=BA =
=BC=D9=E9=B7=D5=E8=CD=C2=D9=E8=E3=B9=E0=A2=B5 =A1=C3=D8=A7=E0=B7=BE=CF =
=E1=C5=D0=BB=C3=D4=C1=C5=B1=C5
=
=CA=D3=C3=CD=A7=B7=D5=E8=B9=D1=E8=A7=E0=BE=D7=E8=CD=BF=D1=A7=A1=D2=C3=BA=C3=
=C3=C2=D2=C2 =BF=C3=D5 !!!
=
*************************************************************
=
=A2=CD=CD=C0=D1=C2=CB=D2=A1=A2=E9=CD=A4=C7=D2=C1=B9=D5=E9=E4=BB=B6=D6=A7=A4=
=D8=B3=E2=B4=C2=BA=D1=A7=E0=CD=D4=AD=CB=D2=A1=A4=D8=B3=E4=C1=E8=B5=E9=CD=A7=
=A1=D2=C3=C3=D1=BA=A2=E9=CD=A4=C7=D2=C1=B9=D5=E9=CD=D5=A1
=A1=C3=D8=B3=D2 =E1=A8=E9=A7 Mail =
=A2=CD=A7=A4=D8=B3=B7=D5=E8=B5=E9=CD=A7=A1=D2=C3=C5=BA=C1=D2=B7=D5=E8 =
"Unsubscribe"
=20
=20
------=_NextPart_000_01FE_01C21C67.BCB0AE60
Content-Type: text/html;
charset="windows-874"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dwindows-874">
<META content=3D"MSHTML 6.00.2600.0" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>
<TABLE class=3DWf cellSpacing=3D0 cellPadding=3D3 width=3D674 =
align=3Dcenter border=3D0=20
nowrap>
<TBODY>
<TR>
<TD width=3D668>
<DIV>
<SCRIPT>
<!--
function Filtered()
{
return 0
}
//-->
</SCRIPT>
<TABLE class=3Dfont=20
style=3D"BORDER-RIGHT: #cc6600 2px solid; BORDER-TOP: #cc6600 2px =
solid; BORDER-LEFT: #cc6600 2px solid; BORDER-BOTTOM: #cc6600 2px solid" =
height=3D468 width=3D"34%" align=3Dleft>
<TBODY>
<TR>
<TD=20
style=3D"PADDING-RIGHT: 15px; PADDING-LEFT: 15px; =
PADDING-BOTTOM: 10px; PADDING-TOP: 10px"=20
noWrap width=3D"100%" height=3D469>
<P align=3Dcenter><SPAN lang=3Dth><FONT face=3D"Angsana New" =
color=3D#0000ff=20
=
size=3D6><B>=C3=D0=BA=BA=A1=D2=C3=B7=D3=A7=D2=B9=A2=CD=A7=B8=D8=C3=A1=D4=A8=
=E3=B9=CD=B9=D2=A4=B5</B></FONT><FONT=20
face=3D"Angsana New"><BR></FONT><FONT size=3D5><FONT=20
face=3D"Angsana New"><B>=B7=D3=E4=B4=E9=A7=E8=D2=C2=20
=
=E1=C5=D0=CA=C3=E9=D2=A7=C3=D2=C2=E4=B4=E9=A7=D2=C1=A8=D2=A1=A1=D2=C3=B7=D3=
=A7=D2=B9=BC=E8=D2=B9=C3=D0=BA=BA</B></FONT><FONT=20
face=3D"Angsana New" color=3D#ff0000><BR></FONT></FONT><FONT =
color=3D#ff0000><B><FONT face=3D"Angsana New" =
size=3D5>=BC=C1=C1=D5=C3=D2=C2=E4=B4=E9=C1=D2=A1=A1=C7=E8=D2=20
30,000 / =E0=B4=D7=CD=B9 =
=A8=D2=A1=A1=D2=C3=B7=D3=A7=D2=B9=E0=BE=D5=C2=A7=C7=D1=B9=C5=D0 2-3=20
=
=AA=D1=E8=C7=E2=C1=A7=E0=B7=E8=D2=B9=D1=E9=B9</SPAN></FONT></B></FONT><SP=
AN lang=3Dth><SPAN=20
lang=3Dth><FONT face=3D"Angsana New"><BR></FONT><B><FONT=20
face=3D"Angsana New" color=3D#000080 =
size=3D6>=E2=CD=A1=D2=CA=C1=D2=B6=D6=A7=A4=D8=B3=E1=C5=E9=C7=20
!</FONT><FONT face=3D"Angsana New" color=3D#000080=20
=
size=3D5><BR>=E0=CB=C5=D7=CD=E1=B5=E8=E0=BE=D5=C2=A7=A4=D8=B3=A8=D0=A4=C7=
=E9=D2=C1=D1=B9=CB=C3=D7=CD=E0=BB=C5=E8=D2<BR></FONT></B><BR></SPAN></SPA=
N><B><FONT=20
style=3D"FONT-SIZE: 20pt" face=3D"Angsana New"=20
=
color=3D#800000>=A1=D2=C3=BA=C3=C3=C2=D2=C2=E1=B9=D0=B9=D3=B8=D8=C3=A1=D4=
=A8 International=20
E-Business</FONT></B><FONT color=3D#800000 =
size=3D5><BR></FONT><B><FONT=20
style=3D"FONT-SIZE: 20pt" face=3D"Angsana New"=20
=
color=3D#800000>=E0=C3=D5=C2=B9=C3=D9=E9=C7=D4=B8=D5=A1=D2=C3=B7=D3=A7=D2=
=B9 =B8=D8=C3=A1=D4=A8=B9=D2=B9=D2=AA=D2=B5=D4 =BA=B9 Internet=20
</FONT></B><FONT face=3D"Angsana New" color=3D#800000=20
size=3D6><BR></FONT><FONT style=3D"FONT-WEIGHT: 700; =
FONT-SIZE: 20pt"=20
face=3D"Angsana New"=20
=
color=3D#800000>=E0=C3=D5=C2=B9=C3=D9=E9=E1=BC=B9=A1=D2=C3=B7=D3=A7=D2=B9=
=E0=BE=D4=E8=C1=C3=D2=C2=E4=B4=E9=BE=D4=E0=C8=C9=E3=B9=E1=B5=E8=C5=D0=E0=B4=
=D7=CD=B9</FONT></P>
<P align=3Dcenter><FONT face=3D"Angsana New" color=3D#000080 =
size=3D5><SPAN=20
style=3D"FONT-WEIGHT: =
700">=E1=BC=B9=C3=D2=C2=E4=B4=E9=CD=C2=E8=D2=A7=A8=C3=D4=A7=A8=D1=A7=E1=BA=
=BA=B7=D3=A7=D2=B9</SPAN><SPAN=20
style=3D"FONT-WEIGHT: 700"> Part-time<BR>15,000 =B6=D6=A7 =
60,000=20
=
=BA=D2=B7/=E0=B4=D7=CD=B9<BR>=E0=C7=C5=D2=B7=D5=E8=B5=E9=CD=A7=E3=AA=E9 =
: 7- 14 =AA=C1. /=CA=D1=BB=B4=D2=CB=EC=20
=
<BR>=E1=BC=B9=C3=D2=C2=E4=B4=E9=CD=C2=E8=D2=A7=A8=C3=D4=A7=A8=D1=A7=E1=BA=
=BA=B7=D3=A7=D2=B9 full-time<BR>30,000 =B6=D6=A7 170,000=20
=
=BA=D2=B7/=E0=B4=D7=CD=B9<BR>=E0=C7=C5=D2=B7=D5=E8=B5=E9=CD=A7=E3=AA=E9 =
: 20- 40 =AA=C1. /=CA=D1=BB=B4=D2=CB=EC </SPAN></FONT></P>
<P align=3Dcenter><B><FONT color=3D#ff0000><SPAN =
lang=3Dth><FONT=20
style=3D"FONT-SIZE: 28pt" face=3D"Angsana =
New">=A2=E8=D2=C7=B4=D5=20
</FONT></SPAN><FONT style=3D"FONT-SIZE: 28pt"=20
face=3D"Angsana New">!</FONT><FONT style=3D"FONT-SIZE: 22pt" =
face=3D"Angsana New"> =
</FONT></FONT><FONT=20
face=3D"Angsana New" color=3D#008000 =
size=3D5>=CA=D3=CB=C3=D1=BA =
=BC=D9=E9=B7=D5=E8=CD=C2=D9=E8=E3=B9=E0=A2=B5=20
=A1=C3=D8=A7=E0=B7=BE=CF =
=E1=C5=D0=BB=C3=D4=C1=C5=B1=C5</FONT><FONT style=3D"FONT-SIZE: 20pt"=20
face=3D"Angsana New"><BR></FONT></B><FONT face=3D"Angsana =
New"><B><A=20
style=3D"TEXT-DECORATION: none"=20
=
href=3D"http://www.namcharoen.th.com/thebest.asp?me=3D06114947"><BLINK><F=
ONT=20
color=3D#0000cc =
size=3D6>=CA=D3=C3=CD=A7=B7=D5=E8=B9=D1=E8=A7=E0=BE=D7=E8=CD=BF=D1=A7=A1=D2=
=C3=BA=C3=C3=C2=D2=C2</FONT><FONT=20
color=3D#ff0000 size=3D6> =
=BF=C3=D5</FONT></BLINK><FONT=20
color=3D#ff0000 size=3D6> !!!</FONT></A><FONT =
color=3D#ff0000=20
size=3D6><BR></FONT></B></FONT><FONT =
color=3D#0000ff><B><SPAN lang=3Den-us=20
style=3D"FONT-SIZE: 18pt; FONT-FAMILY: Angsana =
New">********************************************************</SPAN><SPAN=
=20
style=3D"FONT-SIZE: 18pt; FONT-FAMILY: Angsana =
New">*****</SPAN><SPAN=20
lang=3Den-us=20
style=3D"FONT-SIZE: 18pt; FONT-FAMILY: Angsana =
New"><BR></SPAN></B></FONT><FONT=20
=
size=3D2> &nbs=
p; =20
<SPAN=20
=
lang=3Dth>=A2=CD=CD=C0=D1=C2=CB=D2=A1=A2=E9=CD=A4=C7=D2=C1=B9=D5=E9=E4=BB=
=B6=D6=A7=A4=D8=B3=E2=B4=C2=BA=D1=A7=E0=CD=D4=AD=CB=D2=A1=A4=D8=B3=E4=C1=E8=
=B5=E9=CD=A7=A1=D2=C3=C3=D1=BA=A2=E9=CD=A4=C7=D2=C1=B9=D5=E9=CD=D5=A1<BR>=
<FONT=20
color=3D#008000> =20
=
</FONT> =
=20
=A1=C3=D8=B3=D2 =E1=A8=E9=A7</SPAN> Mail<FONT =
color=3D#008000>=20
=
</FONT>=A2=CD=A7=A4=D8=B3=B7=D5=E8=B5=E9=CD=A7=A1=D2=C3=C5=BA</FONT><SPAN=
lang=3Dth><FONT=20
size=3D2>=C1=D2=B7=D5=E8</FONT><FONT size=3D5> =
</FONT></SPAN><FONT=20
face=3D"Angsana New"><B><FONT color=3D#ff3399 size=3D5>"<A=20
href=3D"http://www.thaiworkathome.com/solo/mail.html"><FONT=20
=
color=3D#ff3399>Unsubscribe</FONT></A>"</FONT></B></FONT></P></TD></TR></=
TBODY></TABLE><FONT=20
=
color=3D#000000></DIV></FONT></TD></TR></TBODY></TABLE></FONT></DIV></BOD=
Y></HTML>
------=_NextPart_000_01FE_01C21C67.BCB0AE60--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugbusters" in the body of the message
From owner-freebsd-bugbusters Sat Jun 29 10:38:25 2002
Delivered-To: freebsd-bugbusters@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
by hub.freebsd.org (Postfix) with ESMTP
id E021D37B400; Sat, 29 Jun 2002 10:38:13 -0700 (PDT)
Received: from bitch.tastik.net (c-66-56-27-8.atl.client2.attbi.com [66.56.27.8])
by mx1.FreeBSD.org (Postfix) with ESMTP
id C03D143E13; Sat, 29 Jun 2002 10:38:12 -0700 (PDT)
(envelope-from charles.woolverton@tastik.net)
Received: from hustla (hustla [192.168.13.5])
by bitch.tastik.net (8.11.1/8.11.1) with SMTP id g5THbWu09426;
Sat, 29 Jun 2002 13:37:33 -0400 (EDT)
(envelope-from charles.woolverton@tastik.net)
Message-ID: <000d01c21f93$ba1ef600$050da8c0@hustla>
From: "charles woolverton" <charles.woolverton@tastik.net>
To: <freebsd-bugbusters@FreeBSD.org>
Cc: <freebsd-doc@FreeBSD.OR>, <Gsecurity-officer@FreeBSD.org>
Subject: Fw: NEW FBSD Virus - Effects Apache Server Chunk encoding - ALERT
Date: Sat, 29 Jun 2002 13:38:05 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_000A_01C21F72.32884780"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-bugbusters@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-bugbusters.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-bugbusters>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-bugbusters>
X-Loop: FreeBSD.ORG
This is a multi-part message in MIME format.
------=_NextPart_000_000A_01C21F72.32884780
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Team FBSD
I apologize, I stand corrected. :) I would still suggest being that =
Nimda was quite lethal (especially to large hosting providers), that you =
put an Alert link on the front of the site..
http://docs.freebsd.org/cgi/getmsg.cgi?fetch=3D1492768+0+current/freebsd-=
security
Thank you,
-charles
----- Original Message -----=20
From: charles woolverton=20
To: freebsd-doc@FreeBSD.ORG=20
Sent: Saturday, June 29, 2002 1:21 PM
Subject: NEW FBSD Virus - Effects Apache Server Chunk encoding - ALERT
Team FBSD
I did not see an advisory on your site, but as of June 16, 2002, there =
was an "Apache HTTP Server chunk encoding stack overflow" discovered. I =
have not been able to find this on Apache's website either. However, =
there has been sevreal reports to securityfocus.org about Apache chunk =
encoding issues.
It appears that a new Worm has been identified by the Symantec staff =
that targets FreeBSD systems via this Apache exploitable issue.
Please see: Symantec's 'FreeBSD.Scalper.Worm' advisory - 06/28/2002
http://securityresponse.symantec.com/avcenter/security/Content/2049.html
Please see: Symantec's Apache HTTP Server chunk encoding stack overfow =
advisory 06/17/2002
http://securityresponse.symantec.com/avcenter/security/Content/2049.html
Please see: Securityfocus advisories- 06/17/2002 - 06/28/2002
CA-2002-17
http://online.securityfocus.com/advisories/4210
20020605-01-A
http://online.securityfocus.com/advisories/4212
CLA-2002:498
http://online.securityfocus.com/advisories/4226
apache-worm.c - Supposedly the source code is available here
http://online.securityfocus.com/archive/1/279633/2002-06-26/2002-07-02/0
Apache worm in the wild post
http://online.securityfocus.com/archive/1/279529/2002-06-26/2002-07-02/0
CAN-2002-0392 - Apache Chunked-Encoding Corruption Vulnerability
http://online.securityfocus.com/bid/5033
Apache goes berserk - May be related (What you may receive if being =
attacked)
http://online.securityfocus.com/archive/75/279373
I don't know if you put many security alerts on your site, however I'd =
ask that you do place this one on. At my company we have been =
encouraging our larger Managed Hosting customers to use FreeBSD. =
However, being that most people that are / may be familiar with any nix =
flavor don't use Symantec's website, and it's sad to say "Don't keep up =
with security alerts", I would suggest putting something on the =
frontpage of FreeBSD.org. Especially after what happened many times =
before with Windows and Nimda/varients.
Thank you,
Charles Woolverton
Tastik.net
charles.woolverton@tasik.net
------=_NextPart_000_000A_01C21F72.32884780
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2716.2200" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Team FBSD</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>I apologize, I stand =
corrected. =20
:) I would still suggest being that Nimda was quite lethal =
(especially to=20
large hosting providers), that you put an Alert link on the front of the =
site..</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><A=20
href=3D"http://docs.freebsd.org/cgi/getmsg.cgi?fetch=3D1492768+0+current/=
freebsd-security">http://docs.freebsd.org/cgi/getmsg.cgi?fetch=3D1492768+=
0+current/freebsd-security</A></FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Thank you,</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>-charles</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV style=3D"FONT: 10pt arial">----- Original Message -----=20
<DIV style=3D"BACKGROUND: #e4e4e4; font-color: black"><B>From:</B> <A=20
title=3Dcharles.woolverton@tastik.net=20
href=3D"mailto:charles.woolverton@tastik.net">charles woolverton</A> =
</DIV>
<DIV><B>To:</B> <A title=3Dfreebsd-doc@FreeBSD.ORG=20
href=3D"mailto:freebsd-doc@FreeBSD.ORG">freebsd-doc@FreeBSD.ORG</A> =
</DIV>
<DIV><B>Sent:</B> Saturday, June 29, 2002 1:21 PM</DIV>
<DIV><B>Subject:</B> NEW FBSD Virus - Effects Apache Server Chunk =
encoding -=20
ALERT</DIV></DIV>
<DIV><BR></DIV>
<DIV><FONT face=3DArial size=3D2>Team FBSD</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>I did not see an advisory on your site, =
but as of=20
June 16, 2002, there was an "Apache HTTP Server chunk encoding stack =
overflow"=20
discovered. I have not been able to find this on Apache's website=20
either. However, there has been sevreal reports to =
securityfocus.org about=20
Apache chunk encoding issues.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>It appears that a new Worm has been =
identified by=20
the Symantec staff that targets FreeBSD systems via =
this Apache=20
exploitable issue.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><STRONG>Please see: Symantec's=20
'FreeBSD.Scalper.Worm' advisory - 06/28/2002</STRONG></FONT></DIV>
<DIV><A=20
href=3D"http://securityresponse.symantec.com/avcenter/security/Content/20=
49.html">http://securityresponse.symantec.com/avcenter/security/Content/2=
049.html</A><BR></DIV>
<DIV><FONT face=3DArial size=3D2><STRONG>Please see: Symantec's Apache =
HTTP Server=20
chunk encoding stack overfow advisory 06/17/2002</STRONG></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><A=20
href=3D"http://securityresponse.symantec.com/avcenter/security/Content/20=
49.html">http://securityresponse.symantec.com/avcenter/security/Content/2=
049.html</A></FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><STRONG>Please see: Securityfocus =
a<SPAN=20
class=3Dbodytext><FONT face=3D"Times New Roman" size=3D3>dvisories- =
06/17/2002 -=20
06/28/2002</FONT></SPAN></STRONG></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN =
class=3Dbodytext> =20
CA-2002-17</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3Dbodytext><A=20
href=3D"http://online.securityfocus.com/advisories/4210">http://online.se=
curityfocus.com/advisories/4210</A></SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN =
class=3Dbodytext> =20
20020605-01-A</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3Dbodytext><A=20
href=3D"http://online.securityfocus.com/advisories/4212">http://online.se=
curityfocus.com/advisories/4212</A></SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN =
class=3Dbodytext> =20
CLA-2002:498</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3Dbodytext><A=20
href=3D"http://online.securityfocus.com/advisories/4226">http://online.se=
curityfocus.com/advisories/4226</A></SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN =
class=3Dbodytext> =20
apache-worm.c - Supposedly the source code is available =
here</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3Dbodytext><SPAN =
class=3Dbodytext><A=20
href=3D"http://online.securityfocus.com/archive/1/279633/2002-06-26/2002-=
07-02/0">http://online.securityfocus.com/archive/1/279633/2002-06-26/2002=
-07-02/0</A></SPAN></SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3Dbodytext><SPAN=20
class=3Dbodytext> Apache worm in the wild=20
post</SPAN></SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3Dbodytext><SPAN =
class=3Dbodytext><A=20
href=3D"http://online.securityfocus.com/archive/1/279529/2002-06-26/2002-=
07-02/0">http://online.securityfocus.com/archive/1/279529/2002-06-26/2002=
-07-02/0</A></SPAN></SPAN></FONT></DIV>
<DIV><FONT size=3D+0><SPAN class=3Dbodytext><SPAN class=3Dbodytext><FONT =
size=3D2><FONT=20
face=3DArial> <SPAN class=3Dbodytext>CAN-2002-0392 -=20
</SPAN></FONT></FONT></SPAN></SPAN></FONT><FONT face=3DArial =
size=3D2><SPAN=20
class=3Dbodytext><SPAN class=3Dbodytext><SPAN class=3Dbodytext>Apache =
Chunked-Encoding=20
Corruption Vulnerability</SPAN></SPAN></SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3Dbodytext><SPAN =
class=3Dbodytext><SPAN=20
class=3Dbodytext><A=20
href=3D"http://online.securityfocus.com/bid/5033">http://online.securityf=
ocus.com/bid/5033</A></SPAN></SPAN></SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3Dbodytext><SPAN =
class=3Dbodytext><SPAN=20
class=3Dbodytext> Apache goes berserk - May be related =
(What you=20
may receive if being attacked)</SPAN></SPAN></SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3Dbodytext><SPAN =
class=3Dbodytext><SPAN=20
class=3Dbodytext><A=20
href=3D"http://online.securityfocus.com/archive/75/279373">http://online.=
securityfocus.com/archive/75/279373</A></SPAN></SPAN></SPAN></FONT></DIV>=
<DIV><FONT face=3DArial size=3D2><SPAN class=3Dbodytext><SPAN =
class=3Dbodytext><SPAN=20
class=3Dbodytext></SPAN></SPAN></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3Dbodytext><SPAN =
class=3Dbodytext><SPAN=20
class=3Dbodytext>I don't know if you put many security alerts on your =
site,=20
however I'd ask that you do place this one on. At my company we =
have been=20
encouraging our larger Managed Hosting customers to use FreeBSD. =
However,=20
being that most people that are / may be familiar with any nix flavor =
don't use=20
Symantec's website, and it's sad to say "Don't keep up with security =
alerts", I=20
would suggest putting something on the frontpage of FreeBSD.org. =20
Especially after what happened many times before with Windows and=20
Nimda/varients.</SPAN></SPAN></SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3Dbodytext><SPAN =
class=3Dbodytext><SPAN=20
class=3Dbodytext></SPAN></SPAN></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3Dbodytext><SPAN =
class=3Dbodytext><SPAN=20
class=3Dbodytext></SPAN></SPAN></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3Dbodytext><SPAN =
class=3Dbodytext><SPAN=20
class=3Dbodytext>Thank you,</SPAN></SPAN></SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3Dbodytext><SPAN =
class=3Dbodytext><SPAN=20
class=3Dbodytext></SPAN></SPAN></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3Dbodytext><SPAN =
class=3Dbodytext><SPAN=20
class=3Dbodytext>Charles Woolverton</SPAN></SPAN></SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3Dbodytext><SPAN =
class=3Dbodytext><SPAN=20
class=3Dbodytext>Tastik.net</SPAN></SPAN></SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3Dbodytext><SPAN =
class=3Dbodytext><SPAN=20
class=3Dbodytext><A=20
href=3D"mailto:charles.woolverton@tasik.net">charles.woolverton@tasik.net=
</A></SPAN></SPAN></SPAN></FONT></DIV></BODY></HTML>
------=_NextPart_000_000A_01C21F72.32884780--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugbusters" in the body of the message