From owner-freebsd-security  Wed Jun 19  7:38:15 2002
Delivered-To: freebsd-security@freebsd.org
Received: from sdns.kv.ukrtel.net (sdns.kv.ukrtel.net [195.5.27.246])
	by hub.freebsd.org (Postfix) with ESMTP
	id 8A0EC37B401; Wed, 19 Jun 2002 07:38:09 -0700 (PDT)
Received: from vega.vega.com (195.5.51.243 [195.5.51.243]) by sdns.kv.ukrtel.net with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21)
	id M7SJ6RKH; Wed, 19 Jun 2002 17:40:13 +0300
Received: from FreeBSD.org (big_brother.vega.com [192.168.1.1])
	by vega.vega.com (8.11.6/8.11.3) with ESMTP id g5JEc7b34423;
	Wed, 19 Jun 2002 17:38:07 +0300 (EEST)
	(envelope-from sobomax@FreeBSD.org)
Message-ID: <3D109786.F6CC57B7@FreeBSD.org>
Date: Wed, 19 Jun 2002 17:39:02 +0300
From: Maxim Sobolev <sobomax@FreeBSD.org>
Organization: Vega International Capital
X-Mailer: Mozilla 4.79 [en] (Windows NT 5.0; U)
X-Accept-Language: en,uk,ru
MIME-Version: 1.0
To: "Jacques A. Vidrine" <nectar@FreeBSD.org>
Cc: security@FreeBSD.org,
	Alexandr Kovalenko <never@nevermind.kiev.ua>, demon@FreeBSD.org,
	lev@serebryakov.spb.ru
Subject: Re: [Fwd: Russian Apache is not vulnerable to recent DoS]
References: <3D1079D3.2BCF833F@FreeBSD.org> <20020619135156.GA19379@madman.nectar.cc>
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

"Jacques A. Vidrine" wrote:
> 
> On Wed, Jun 19, 2002 at 03:32:19PM +0300, Maxim Sobolev wrote:
> > Redirect to a proper place.
> 
> Thanks, Maxim!
> 
> > -------- Original Message --------
> > Subject: Russian Apache is not vulnerable to recent DoS
> > Date: Wed, 19 Jun 2002 15:01:11 +0300
> > From: Alexandr Kovalenko <never@nevermind.kiev.ua>
> > To: freebsd-ports@FreeBSD.org
> >
> > Russian Apache is not vulnerable to recent apache vulnerability,
> > because
> > it does not use code, which causes it. Please, remove FORBIDDEN from
> > russian/apach13 and russian/apache13-ssl.
> 
> Do you a pointer to an analysis that leads to this conclusion?

Some information is available here:
http://www.lucky.net/~netch/tmp/apache-chunking-bugtraq.txt.

-Maxim

> 
> If the maintainers are convinced, then they can remove FORBIDDEN.
> I'm cc:ing them so that they are in the loop.
> 
> Cheers,
> --
> Jacques A. Vidrine <n@nectar.cc>                 http://www.nectar.cc/
> NTT/Verio SME          .     FreeBSD UNIX     .       Heimdal Kerberos
> jvidrine@verio.net     .  nectar@FreeBSD.org  .          nectar@kth.se

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message