Date: Sat, 29 Jun 2002 13:38:05 -0400 From: "charles woolverton" <charles.woolverton@tastik.net> To: <freebsd-bugbusters@FreeBSD.org> Cc: <freebsd-doc@FreeBSD.OR>, <Gsecurity-officer@FreeBSD.org> Subject: Fw: NEW FBSD Virus - Effects Apache Server Chunk encoding - ALERT Message-ID: <000d01c21f93$ba1ef600$050da8c0@hustla>
next in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] Team FBSD I apologize, I stand corrected. :) I would still suggest being that Nimda was quite lethal (especially to large hosting providers), that you put an Alert link on the front of the site.. http://docs.freebsd.org/cgi/getmsg.cgi?fetch=1492768+0+current/freebsd-security Thank you, -charles ----- Original Message ----- From: charles woolverton To: freebsd-doc@FreeBSD.ORG Sent: Saturday, June 29, 2002 1:21 PM Subject: NEW FBSD Virus - Effects Apache Server Chunk encoding - ALERT Team FBSD I did not see an advisory on your site, but as of June 16, 2002, there was an "Apache HTTP Server chunk encoding stack overflow" discovered. I have not been able to find this on Apache's website either. However, there has been sevreal reports to securityfocus.org about Apache chunk encoding issues. It appears that a new Worm has been identified by the Symantec staff that targets FreeBSD systems via this Apache exploitable issue. Please see: Symantec's 'FreeBSD.Scalper.Worm' advisory - 06/28/2002 http://securityresponse.symantec.com/avcenter/security/Content/2049.html Please see: Symantec's Apache HTTP Server chunk encoding stack overfow advisory 06/17/2002 http://securityresponse.symantec.com/avcenter/security/Content/2049.html Please see: Securityfocus advisories- 06/17/2002 - 06/28/2002 CA-2002-17 http://online.securityfocus.com/advisories/4210 20020605-01-A http://online.securityfocus.com/advisories/4212 CLA-2002:498 http://online.securityfocus.com/advisories/4226 apache-worm.c - Supposedly the source code is available here http://online.securityfocus.com/archive/1/279633/2002-06-26/2002-07-02/0 Apache worm in the wild post http://online.securityfocus.com/archive/1/279529/2002-06-26/2002-07-02/0 CAN-2002-0392 - Apache Chunked-Encoding Corruption Vulnerability http://online.securityfocus.com/bid/5033 Apache goes berserk - May be related (What you may receive if being attacked) http://online.securityfocus.com/archive/75/279373 I don't know if you put many security alerts on your site, however I'd ask that you do place this one on. At my company we have been encouraging our larger Managed Hosting customers to use FreeBSD. However, being that most people that are / may be familiar with any nix flavor don't use Symantec's website, and it's sad to say "Don't keep up with security alerts", I would suggest putting something on the frontpage of FreeBSD.org. Especially after what happened many times before with Windows and Nimda/varients. Thank you, Charles Woolverton Tastik.net charles.woolverton@tasik.net [-- Attachment #2 --] <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=Content-Type content="text/html; charset=iso-8859-1"> <META content="MSHTML 6.00.2716.2200" name=GENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=#ffffff> <DIV><FONT face=Arial size=2>Team FBSD</FONT></DIV> <DIV><FONT face=Arial size=2></FONT> </DIV> <DIV><FONT face=Arial size=2>I apologize, I stand corrected. :) I would still suggest being that Nimda was quite lethal (especially to large hosting providers), that you put an Alert link on the front of the site..</FONT></DIV> <DIV><FONT face=Arial size=2></FONT> </DIV> <DIV><FONT face=Arial size=2><A href="http://docs.freebsd.org/cgi/getmsg.cgi?fetch=1492768+0+current/freebsd-security">http://docs.freebsd.org/cgi/getmsg.cgi?fetch=1492768+0+current/freebsd-security</A></FONT></DIV>; <DIV><FONT face=Arial size=2></FONT> </DIV> <DIV><FONT face=Arial size=2>Thank you,</FONT></DIV> <DIV><FONT face=Arial size=2></FONT> </DIV> <DIV><FONT face=Arial size=2>-charles</FONT></DIV> <DIV><FONT face=Arial size=2></FONT> </DIV> <DIV style="FONT: 10pt arial">----- Original Message ----- <DIV style="BACKGROUND: #e4e4e4; font-color: black"><B>From:</B> <A title=charles.woolverton@tastik.net href="mailto:charles.woolverton@tastik.net">charles woolverton</A> </DIV> <DIV><B>To:</B> <A title=freebsd-doc@FreeBSD.ORG href="mailto:freebsd-doc@FreeBSD.ORG">freebsd-doc@FreeBSD.ORG</A> </DIV> <DIV><B>Sent:</B> Saturday, June 29, 2002 1:21 PM</DIV> <DIV><B>Subject:</B> NEW FBSD Virus - Effects Apache Server Chunk encoding - ALERT</DIV></DIV> <DIV><BR></DIV> <DIV><FONT face=Arial size=2>Team FBSD</FONT></DIV> <DIV><FONT face=Arial size=2></FONT> </DIV> <DIV><FONT face=Arial size=2></FONT> </DIV> <DIV><FONT face=Arial size=2>I did not see an advisory on your site, but as of June 16, 2002, there was an "Apache HTTP Server chunk encoding stack overflow" discovered. I have not been able to find this on Apache's website either. However, there has been sevreal reports to securityfocus.org about Apache chunk encoding issues.</FONT></DIV> <DIV> </DIV> <DIV><FONT face=Arial size=2>It appears that a new Worm has been identified by the Symantec staff that targets FreeBSD systems via this Apache exploitable issue.</FONT></DIV> <DIV><FONT face=Arial size=2></FONT> </DIV> <DIV><FONT face=Arial size=2><STRONG>Please see: Symantec's 'FreeBSD.Scalper.Worm' advisory - 06/28/2002</STRONG></FONT></DIV> <DIV><A href="http://securityresponse.symantec.com/avcenter/security/Content/2049.html">http://securityresponse.symantec.com/avcenter/security/Content/2049.html</A><BR></DIV>; <DIV><FONT face=Arial size=2><STRONG>Please see: Symantec's Apache HTTP Server chunk encoding stack overfow advisory 06/17/2002</STRONG></FONT></DIV> <DIV><FONT face=Arial size=2><A href="http://securityresponse.symantec.com/avcenter/security/Content/2049.html">http://securityresponse.symantec.com/avcenter/security/Content/2049.html</A></FONT></DIV>; <DIV><FONT face=Arial size=2></FONT> </DIV> <DIV><FONT face=Arial size=2><STRONG>Please see: Securityfocus a<SPAN class=bodytext><FONT face="Times New Roman" size=3>dvisories- 06/17/2002 - 06/28/2002</FONT></SPAN></STRONG></FONT></DIV> <DIV><FONT face=Arial size=2><SPAN class=bodytext> CA-2002-17</SPAN></FONT></DIV> <DIV><FONT face=Arial size=2><SPAN class=bodytext><A href="http://online.securityfocus.com/advisories/4210">http://online.securityfocus.com/advisories/4210</A></SPAN></FONT></DIV>; <DIV><FONT face=Arial size=2><SPAN class=bodytext> 20020605-01-A</SPAN></FONT></DIV> <DIV><FONT face=Arial size=2><SPAN class=bodytext><A href="http://online.securityfocus.com/advisories/4212">http://online.securityfocus.com/advisories/4212</A></SPAN></FONT></DIV>; <DIV><FONT face=Arial size=2><SPAN class=bodytext> CLA-2002:498</SPAN></FONT></DIV> <DIV><FONT face=Arial size=2><SPAN class=bodytext><A href="http://online.securityfocus.com/advisories/4226">http://online.securityfocus.com/advisories/4226</A></SPAN></FONT></DIV>; <DIV><FONT face=Arial size=2><SPAN class=bodytext> apache-worm.c - Supposedly the source code is available here</SPAN></FONT></DIV> <DIV><FONT face=Arial size=2><SPAN class=bodytext><SPAN class=bodytext><A href="http://online.securityfocus.com/archive/1/279633/2002-06-26/2002-07-02/0">http://online.securityfocus.com/archive/1/279633/2002-06-26/2002-07-02/0</A></SPAN></SPAN></FONT></DIV>; <DIV><FONT face=Arial size=2><SPAN class=bodytext><SPAN class=bodytext> Apache worm in the wild post</SPAN></SPAN></FONT></DIV> <DIV><FONT face=Arial size=2><SPAN class=bodytext><SPAN class=bodytext><A href="http://online.securityfocus.com/archive/1/279529/2002-06-26/2002-07-02/0">http://online.securityfocus.com/archive/1/279529/2002-06-26/2002-07-02/0</A></SPAN></SPAN></FONT></DIV>; <DIV><FONT size=+0><SPAN class=bodytext><SPAN class=bodytext><FONT size=2><FONT face=Arial> <SPAN class=bodytext>CAN-2002-0392 - </SPAN></FONT></FONT></SPAN></SPAN></FONT><FONT face=Arial size=2><SPAN class=bodytext><SPAN class=bodytext><SPAN class=bodytext>Apache Chunked-Encoding Corruption Vulnerability</SPAN></SPAN></SPAN></FONT></DIV> <DIV><FONT face=Arial size=2><SPAN class=bodytext><SPAN class=bodytext><SPAN class=bodytext><A href="http://online.securityfocus.com/bid/5033">http://online.securityfocus.com/bid/5033</A></SPAN></SPAN></SPAN></FONT></DIV>; <DIV><FONT face=Arial size=2><SPAN class=bodytext><SPAN class=bodytext><SPAN class=bodytext> Apache goes berserk - May be related (What you may receive if being attacked)</SPAN></SPAN></SPAN></FONT></DIV> <DIV><FONT face=Arial size=2><SPAN class=bodytext><SPAN class=bodytext><SPAN class=bodytext><A href="http://online.securityfocus.com/archive/75/279373">http://online.securityfocus.com/archive/75/279373</A></SPAN></SPAN></SPAN></FONT></DIV>; <DIV><FONT face=Arial size=2><SPAN class=bodytext><SPAN class=bodytext><SPAN class=bodytext></SPAN></SPAN></SPAN></FONT> </DIV> <DIV><FONT face=Arial size=2><SPAN class=bodytext><SPAN class=bodytext><SPAN class=bodytext>I don't know if you put many security alerts on your site, however I'd ask that you do place this one on. At my company we have been encouraging our larger Managed Hosting customers to use FreeBSD. However, being that most people that are / may be familiar with any nix flavor don't use Symantec's website, and it's sad to say "Don't keep up with security alerts", I would suggest putting something on the frontpage of FreeBSD.org. Especially after what happened many times before with Windows and Nimda/varients.</SPAN></SPAN></SPAN></FONT></DIV> <DIV><FONT face=Arial size=2><SPAN class=bodytext><SPAN class=bodytext><SPAN class=bodytext></SPAN></SPAN></SPAN></FONT> </DIV> <DIV><FONT face=Arial size=2><SPAN class=bodytext><SPAN class=bodytext><SPAN class=bodytext></SPAN></SPAN></SPAN></FONT> </DIV> <DIV><FONT face=Arial size=2><SPAN class=bodytext><SPAN class=bodytext><SPAN class=bodytext>Thank you,</SPAN></SPAN></SPAN></FONT></DIV> <DIV><FONT face=Arial size=2><SPAN class=bodytext><SPAN class=bodytext><SPAN class=bodytext></SPAN></SPAN></SPAN></FONT> </DIV> <DIV><FONT face=Arial size=2><SPAN class=bodytext><SPAN class=bodytext><SPAN class=bodytext>Charles Woolverton</SPAN></SPAN></SPAN></FONT></DIV> <DIV><FONT face=Arial size=2><SPAN class=bodytext><SPAN class=bodytext><SPAN class=bodytext>Tastik.net</SPAN></SPAN></SPAN></FONT></DIV> <DIV><FONT face=Arial size=2><SPAN class=bodytext><SPAN class=bodytext><SPAN class=bodytext><A href="mailto:charles.woolverton@tasik.net">charles.woolverton@tasik.net</A></SPAN></SPAN></SPAN></FONT></DIV></BODY></HTML>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000d01c21f93$ba1ef600$050da8c0>