From owner-freebsd-doc Sat Jun 29 10:50:25 2002 Delivered-To: freebsd-doc@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 915B037B409; Sat, 29 Jun 2002 10:49:58 -0700 (PDT) Received: from bitch.tastik.net (c-66-56-27-8.atl.client2.attbi.com [66.56.27.8]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6D20F43E89; Sat, 29 Jun 2002 10:49:41 -0700 (PDT) (envelope-from charles.woolverton@tastik.net) Received: from hustla (hustla [192.168.13.5]) by bitch.tastik.net (8.11.1/8.11.1) with SMTP id g5THmPu09454; Sat, 29 Jun 2002 13:48:25 -0400 (EDT) (envelope-from charles.woolverton@tastik.net) Message-ID: <002401c21f95$3edf6090$050da8c0@hustla> From: "charles woolverton" To: , Subject: Fw: NEW FBSD Virus - Effects Apache Server Chunk encoding - ALERT Date: Sat, 29 Jun 2002 13:48:57 -0400 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0021_01C21F73.B6EB9DF0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-doc@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_0021_01C21F73.B6EB9DF0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Team FBSD I apologize, I stand corrected. :) I would still suggest being that = Nimda was quite lethal (especially to large hosting providers), that you = put an Alert link on the front of the site.. http://docs.freebsd.org/cgi/getmsg.cgi?fetch=3D1492768+0+current/freebsd-= security Thank you, -charles ----- Original Message -----=20 From: charles woolverton=20 To: freebsd-doc@FreeBSD.ORG=20 Sent: Saturday, June 29, 2002 1:21 PM Subject: NEW FBSD Virus - Effects Apache Server Chunk encoding - ALERT Team FBSD I did not see an advisory on your site, but as of June 16, 2002, there = was an "Apache HTTP Server chunk encoding stack overflow" discovered. I = have not been able to find this on Apache's website either. However, = there has been sevreal reports to securityfocus.org about Apache chunk = encoding issues. It appears that a new Worm has been identified by the Symantec staff = that targets FreeBSD systems via this Apache exploitable issue. Please see: Symantec's 'FreeBSD.Scalper.Worm' advisory - 06/28/2002 http://securityresponse.symantec.com/avcenter/security/Content/2049.html Please see: Symantec's Apache HTTP Server chunk encoding stack overfow = advisory 06/17/2002 http://securityresponse.symantec.com/avcenter/security/Content/2049.html Please see: Securityfocus advisories- 06/17/2002 - 06/28/2002 CA-2002-17 http://online.securityfocus.com/advisories/4210 20020605-01-A http://online.securityfocus.com/advisories/4212 CLA-2002:498 http://online.securityfocus.com/advisories/4226 apache-worm.c - Supposedly the source code is available here http://online.securityfocus.com/archive/1/279633/2002-06-26/2002-07-02/0 Apache worm in the wild post http://online.securityfocus.com/archive/1/279529/2002-06-26/2002-07-02/0 CAN-2002-0392 - Apache Chunked-Encoding Corruption Vulnerability http://online.securityfocus.com/bid/5033 Apache goes berserk - May be related (What you may receive if being = attacked) http://online.securityfocus.com/archive/75/279373 I don't know if you put many security alerts on your site, however I'd = ask that you do place this one on. At my company we have been = encouraging our larger Managed Hosting customers to use FreeBSD. = However, being that most people that are / may be familiar with any nix = flavor don't use Symantec's website, and it's sad to say "Don't keep up = with security alerts", I would suggest putting something on the = frontpage of FreeBSD.org. Especially after what happened many times = before with Windows and Nimda/varients. Thank you, Charles Woolverton Tastik.net charles.woolverton@tasik.net ------=_NextPart_000_0021_01C21F73.B6EB9DF0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

 
Team FBSD
 
I apologize, I stand = corrected.  =20 :)  I would still suggest being that Nimda was quite lethal = (especially to=20 large hosting providers), that you put an Alert link on the front of the = site..
 
http://docs.freebsd.org/cgi/getmsg.cgi?fetch=3D1492768+= 0+current/freebsd-security
 
Thank you,
 
-charles
 
----- Original Message -----=20
From: charles woolverton =
Sent: Saturday, June 29, 2002 1:21 PM
Subject: NEW FBSD Virus - Effects Apache Server Chunk = encoding -=20 ALERT

Team FBSD
 
 
I did not see an advisory on your site, = but as of=20 June 16, 2002, there was an "Apache HTTP Server chunk encoding stack = overflow"=20 discovered.  I have not been able to find this on Apache's website=20 either.  However, there has been sevreal reports to = securityfocus.org about=20 Apache chunk encoding issues.
 
It appears that a new Worm has been = identified by=20 the Symantec staff that targets FreeBSD systems via = this Apache=20 exploitable issue.
 
Please see: Symantec's=20 'FreeBSD.Scalper.Worm' advisory - 06/28/2002
http://securityresponse.symantec.com/avcenter/security/Content/2= 049.html
Please see: Symantec's Apache = HTTP Server=20 chunk encoding stack overfow advisory 06/17/2002
http://securityresponse.symantec.com/avcenter/security/Content/2= 049.html
 
Please see: Securityfocus = advisories- = 06/17/2002 -=20 06/28/2002
   =20 CA-2002-17
http://online.se= curityfocus.com/advisories/4210
   =20 20020605-01-A
http://online.se= curityfocus.com/advisories/4212
   =20 CLA-2002:498
http://online.se= curityfocus.com/advisories/4226
   =20 apache-worm.c - Supposedly the source code is available = here
http://online.securityfocus.com/archive/1/279633/2002-06-26/2002= -07-02/0
    Apache worm in the wild=20 post
http://online.securityfocus.com/archive/1/279529/2002-06-26/2002= -07-02/0
    CAN-2002-0392 -=20 Apache = Chunked-Encoding=20 Corruption Vulnerability
http://online.securityf= ocus.com/bid/5033
    Apache goes berserk - May be related = (What you=20 may receive if being attacked)
http://online.= securityfocus.com/archive/75/279373
=
 
I don't know if you put many security alerts on your = site,=20 however I'd ask that you do place this one on.  At my company we = have been=20 encouraging our larger Managed Hosting customers to use FreeBSD.  = However,=20 being that most people that are / may be familiar with any nix flavor = don't use=20 Symantec's website, and it's sad to say "Don't keep up with security = alerts", I=20 would suggest putting something on the frontpage of FreeBSD.org. =20 Especially after what happened many times before with Windows and=20 Nimda/varients.
 
 
Thank you,
 
Charles Woolverton
Tastik.net
charles.woolverton@tasik.net=
------=_NextPart_000_0021_01C21F73.B6EB9DF0-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-doc" in the body of the message