From owner-freebsd-isp@FreeBSD.ORG Wed Jul 7 18:10:01 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6E5D916A4D0 for ; Wed, 7 Jul 2004 18:10:01 +0000 (GMT) Received: from mproxy.gmail.com (mproxy.gmail.com [216.239.56.250]) by mx1.FreeBSD.org (Postfix) with SMTP id 11BA543D60 for ; Wed, 7 Jul 2004 18:10:01 +0000 (GMT) (envelope-from nethead@gmail.com) Received: by mproxy.gmail.com with SMTP id r62so368001cwc for ; Wed, 07 Jul 2004 11:10:00 -0700 (PDT) Received: by 10.11.120.80 with SMTP id s80mr8293cwc; Wed, 07 Jul 2004 11:10:00 -0700 (PDT) Message-ID: <79db6ae04070711106e9f2e35@mail.gmail.com> Date: Wed, 7 Jul 2004 11:10:00 -0700 From: Joe Hamelin To: freebsd-isp@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Apache 1.3.x proxy hole X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Jul 2004 18:10:01 -0000 Techworld is reporting that: "The bug affects Apache 1.3.x installations configured to act as proxy servers, which relay requests between a Web browser and the Internet. When a vulnerable server connects to a malicious site, a specially-crafted packet can be used to exploit the vulnerability, according to security researcher Georgi Guninski, who has publicly released exploit code." http://bsdnews.com/view_story.php3?story_id=4628 http://www.techworld.com/opsys/news/index.cfm?newsid=1814&page=1&pagepos=2 Does anyone know of a FreeBSD patch for this out yet? -- Joe Hamelin Edmonds, WA, US