From owner-freebsd-doc Sat Jun 29 11: 4: 3 2002 Delivered-To: freebsd-doc@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4AE6A37B401; Sat, 29 Jun 2002 11:03:56 -0700 (PDT) Received: from rutger.owt.com (rutger.owt.com [204.118.6.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5ED9843E13; Sat, 29 Jun 2002 11:03:55 -0700 (PDT) (envelope-from kstewart@owt.com) Received: from owt.com (owt-207-41-94-232.owt.com [207.41.94.232]) by rutger.owt.com (8.9.3/8.9.3) with ESMTP id LAA23686; Sat, 29 Jun 2002 11:03:51 -0700 Message-ID: <3D1DF686.9080707@owt.com> Date: Sat, 29 Jun 2002 11:03:50 -0700 From: Kent Stewart User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.4.1) Gecko/20020314 Netscape6/6.2.2 X-Accept-Language: en-us, es-mx MIME-Version: 1.0 To: charles woolverton Cc: freebsd-doc@FreeBSD.ORG, security-officer@FreeBSD.ORG Subject: Re: Fw: NEW FBSD Virus - Effects Apache Server Chunk encoding - ALERT References: <002401c21f95$3edf6090$050da8c0@hustla> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-doc@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org charles woolverton wrote: > > > > Team FBSD > > > > I apologize, I stand corrected. :) I would still suggest being that > Nimda was quite lethal (especially to large hosting providers), that you > put an Alert link on the front of the site.. > You missed the web page on security announcements. See ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:04.asc Kent > > > http://docs.freebsd.org/cgi/getmsg.cgi?fetch=1492768+0+current/freebsd-security > > > > Thank you, > > > > -charles > > > > ----- Original Message ----- > From: charles woolverton > > To: freebsd-doc@FreeBSD.ORG > > Sent: Saturday, June 29, 2002 1:21 PM > > Subject: NEW FBSD Virus - Effects Apache Server Chunk encoding - ALERT > > > Team FBSD > > > > > > I did not see an advisory on your site, but as of June 16, 2002, there > was an "Apache HTTP Server chunk encoding stack overflow" discovered. I > have not been able to find this on Apache's website either. However, > there has been sevreal reports to securityfocus.org about Apache chunk > encoding issues. > > > > It appears that a new Worm has been identified by the Symantec staff > that targets FreeBSD systems via this Apache exploitable issue. > > > > Please see: Symantec's 'FreeBSD.Scalper.Worm' advisory - 06/28/2002 > > http://securityresponse.symantec.com/avcenter/security/Content/2049.html > > Please see: Symantec's Apache HTTP Server chunk encoding stack overfow > advisory 06/17/2002 > > http://securityresponse.symantec.com/avcenter/security/Content/2049.html > > > > Please see: Securityfocus advisories- 06/17/2002 - 06/28/2002 > > CA-2002-17 > > http://online.securityfocus.com/advisories/4210 > > 20020605-01-A > > http://online.securityfocus.com/advisories/4212 > > CLA-2002:498 > > http://online.securityfocus.com/advisories/4226 > > apache-worm.c - Supposedly the source code is available here > > http://online.securityfocus.com/archive/1/279633/2002-06-26/2002-07-02/0 > > Apache worm in the wild post > > http://online.securityfocus.com/archive/1/279529/2002-06-26/2002-07-02/0 > > CAN-2002-0392 - Apache Chunked-Encoding Corruption Vulnerability > > http://online.securityfocus.com/bid/5033 > > Apache goes berserk - May be related (What you may receive if being > attacked) > > http://online.securityfocus.com/archive/75/279373 > > > > I don't know if you put many security alerts on your site, however I'd > ask that you do place this one on. At my company we have been > encouraging our larger Managed Hosting customers to use FreeBSD. > However, being that most people that are / may be familiar with any nix > flavor don't use Symantec's website, and it's sad to say "Don't keep up > with security alerts", I would suggest putting something on the > frontpage of FreeBSD.org. Especially after what happened many times > before with Windows and Nimda/varients. > > > > > > Thank you, > > > > Charles Woolverton > > Tastik.net > > charles.woolverton@tasik.net > -- Kent Stewart Richland, WA http://users.owt.com/kstewart/index.html To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-doc" in the body of the message