Date: Wed, 14 May 2003 19:25:07 +0100 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: Sunil Sunder Raj <unixtools@hotmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: Php apachec problem Message-ID: <20030514182507.GC69479@happy-idiot-talk.infracaninophile.co.uk> In-Reply-To: <BAY8-F15nRAE3H7cAmZ0001567b@hotmail.com> References: <BAY8-F15nRAE3H7cAmZ0001567b@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--LwW0XdcUbUexiWVK
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Wed, May 14, 2003 at 06:59:37PM +0530, Sunil Sunder Raj wrote:
> Hi,
> Has anybody gone through these errors.
>=20
> httpd in free(): warning: chunk is already free.
> httpd in free(): warning: recursive call.
>=20
> thousands of these in the httpd.conf file.
Sounds like someone trying to exploit last year's apache chunked
transfer encoding bug. See:
http://www.cert.org/advisories/CA-2002-17.html
http://httpd.apache.org/info/security_bulletin_20020617.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCAN-2002-0392
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A04.asc
Make sure you're running a more recent version than apache-1.3.26 or
apache-2.0.39 and you're immune.
Cheers,
Matthew
--=20
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
--LwW0XdcUbUexiWVK
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (FreeBSD)
iD8DBQE+wooDdtESqEQa7a0RApeOAJ4uUzI6/FJdO+dQNPw2us4+UynTfQCgkvvp
DHJr/7M4iy3fGMtfXBEHl9E=
=o2z3
-----END PGP SIGNATURE-----
--LwW0XdcUbUexiWVK--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030514182507.GC69479>