Date:      Sun, 28 Aug 2011 01:02:56 GMT
From:      Alvaro <gobledb@gmail.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   www/160247: Website vulnerability 
Message-ID:  <201108280102.p7S12ujx022732@red.freebsd.org>
Resent-Message-ID: <201108280110.p7S1A84U077929@freefall.freebsd.org>


>Number:         160247
>Category:       www
>Synopsis:       Website vulnerability
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-www
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Aug 28 01:10:08 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Alvaro
>Release:        none
>Organization:
none
>Environment:
FreeBSD shuttle0.lan 9.0-BETA1 FreeBSD 9.0-BETA1 #4: Fri Aug 26 05:37:30 WEST 2011     netSys@shuttle0.lan:/usr/obj/usr/src/sys/GALILEO  amd64
>Description:
The problem is on mod_deflate.



===> Action

> perl killapache.pl www.freebsd.org 50

host seems vuln

ATTACKING www.freebsd.org [using 50 forks]



Red Hat reported this but is waiting for the Apache Foundation



https://bugzilla.redhat.com/show_bug.cgi?id=732928



http://www.exploit-db.com/exploits/17696/



Note: PC-BSD has got better security than OpenBSD (wtf) and FreeBSD (?)

> perl killapache.pl www.pcbsd.org 50

Host does not seem vulnerable



> perl killapache.pl www.openbsd.org 50

host seems vuln

ATTACKING www.openbsd.org [using 50 forks]

=====> References

http://www.dslreports.com/forum/r26243047-Apache-1.x-2.x-Range-header-security-issue

http://seclists.org/fulldisclosure/2011/Aug/175



Cheers!
>How-To-Repeat:
Download the script

Install devel/p5-Parallel-ForkManager

perl script_name.pl www.freebsd.org 50

>Fix:
Disable mod_deflate and wait for the Apache Foundation to correct it. (I think so)

>Release-Note:
>Audit-Trail:
>Unformatted:
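A defender-side check for the Range header pattern behind the issue referenced above, added here as an example; it is not part of this PR, of the killapache script, or of Apache httpd. The sample header values and the MAX_RANGES threshold are constructed assumptions, not values from the report.

```python
import re

# Constructed sample Range header values (not taken from the report).
# Normal clients send one or a few byte ranges; the flood pattern described
# in the referenced advisories packs a very large number of ranges into one
# header so the server does per-range work for a single request.
SAMPLE_HEADERS = [
    "bytes=0-",                                                   # resume a download
    "bytes=500-999,1000-1499",                                    # two disjoint ranges
    "bytes=" + ",".join(f"{i}-{i + 1}" for i in range(1300)),     # constructed flood pattern
    "bytes=0-100,50-150",                                         # overlapping ranges
]

# Assumed threshold: raise it if your application legitimately needs more ranges.
MAX_RANGES = 5

_RANGE_SPEC = re.compile(r"^\s*(\d*)-(\d*)\s*$")


def parse_byte_ranges(value):
    """Return a list of (start, end) tuples from a 'bytes=' Range header,
    with None for an open end, or None if the header is not well formed."""
    if not value.startswith("bytes="):
        return None
    ranges = []
    for spec in value[len("bytes="):].split(","):
        m = _RANGE_SPEC.match(spec)
        if not m or (m.group(1) == "" and m.group(2) == ""):
            return None
        start = int(m.group(1)) if m.group(1) else None
        end = int(m.group(2)) if m.group(2) else None
        ranges.append((start, end))
    return ranges


def is_abusive_range(value, max_ranges=MAX_RANGES):
    """True if the header lists more than max_ranges byte ranges or contains
    overlapping fully-specified ranges; both are signs of the flood pattern."""
    ranges = parse_byte_ranges(value)
    if ranges is None:
        return False  # malformed header: let the server reject it normally
    if len(ranges) > max_ranges:
        return True
    spans = sorted((s, e) for s, e in ranges if s is not None and e is not None and e >= s)
    return any(s2 <= e1 for (_, e1), (s2, _) in zip(spans, spans[1:]))


if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print("ABUSIVE " if is_abusive_range(header) else "ok      ", header[:60])
```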


