Date: Tue, 18 Jun 2002 21:17:59 -0700 (PDT)
From: Muhammad Faisal Rauf Danka
To: freebsd-security@freebsd.org
Subject: Apache Web Server Chunk Handling Vulnerability
Reply-To: mfrd@attitudex.com
Message-Id: <20020619041759.ECD6E2756@sitemail.everyone.net>

There is a remotely exploitable vulnerability in the way that Apache web servers (or other web servers based on their source code) handle data encoded in chunks. This vulnerability is present by default in configurations of Apache web server versions 1.2.2 and above, 1.3 through 1.3.24, and versions 2.0 through 2.0.36. The impact of this vulnerability is dependent upon the software version and the hardware platform the server is running on.

Detailed CERT advisory can be found at:
http://www.cert.org/advisories/CA-2002-17.html

You can download the new releases from:
http://www.apache.org/dist/httpd/

Regards,
---------
Muhammad Faisal Rauf Danka

Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk

Vice President
Pakistan Computer Emergency Response Team (PakCERT)
web: www.pakcert.org

Chief Security Analyst
Applied Technology Research Center (ATRC)
web: www.atrc.net.pk

[ATTITUDEX.COM] http://www.attitudex.com/