From: "charles woolverton"
Delivered-To: freebsd-doc@freebsd.org
Subject: NEW FBSD Virus - Effects Apache Server Chunk encoding - ALERT
Date: Sat, 29 Jun 2002 13:21:08 -0400
Message-ID: <000801c21f91$5bdcc830$050da8c0@hustla>
Sender: owner-freebsd-doc@FreeBSD.ORG

Team FBSD

I did not see an advisory on your site, but as of June 16, 2002, there was an "Apache HTTP Server chunk encoding stack overflow" discovered. I have not been able to find this on Apache's website either. However, there have been several reports to securityfocus.org about Apache chunk encoding issues.

It appears that a new Worm has been identified by the Symantec staff that targets FreeBSD systems via this Apache exploitable issue.

Please see: Symantec's 'FreeBSD.Scalper.Worm' advisory - 06/28/2002
http://securityresponse.symantec.com/avcenter/security/Content/2049.html

Please see: Symantec's Apache HTTP Server chunk encoding stack overflow advisory 06/17/2002
http://securityresponse.symantec.com/avcenter/security/Content/2049.html

Please see: Securityfocus advisories - 06/17/2002 - 06/28/2002

    CA-2002-17
    http://online.securityfocus.com/advisories/4210

    20020605-01-A
    http://online.securityfocus.com/advisories/4212

    CLA-2002:498
    http://online.securityfocus.com/advisories/4226

    apache-worm.c - Supposedly the source code is available here
    http://online.securityfocus.com/archive/1/279633/2002-06-26/2002-07-02/0

    Apache worm in the wild post
    http://online.securityfocus.com/archive/1/279529/2002-06-26/2002-07-02/0

    CAN-2002-0392 - Apache Chunked-Encoding Corruption Vulnerability
    http://online.securityfocus.com/bid/5033

    Apache goes berserk - May be related (What you may receive if being attacked)
    http://online.securityfocus.com/archive/75/279373

I don't know if you put many security alerts on your site, however I'd ask that you do place this one on. At my company we have been encouraging our larger Managed Hosting customers to use FreeBSD. However, being that most people that are / may be familiar with any nix flavor don't use Symantec's website, and it's sad to say "Don't keep up with security alerts", I would suggest putting something on the frontpage of FreeBSD.org. Especially after what happened many times before with Windows and Nimda/variants.

Thank you,

Charles Woolverton
Tastik.net
charles.woolverton@tasik.net