Fw: NEW FBSD Virus - Effects Apache Server Chunk encoding - ALERT

[ Available lists | Index of freebsd-doc | Month of Jun 2002 | Week of 29 Jun 2002 | Raw email | View thread | Wrap long lines | Reply | Tag ]
From
charles woolverton <charles.woolverton@tastik.net>
Date
29 Jun 2002 10:50:25
Subject
Fw: NEW FBSD Virus - Effects Apache Server Chunk encoding - ALERT
Message-ID
002401c21f95$3edf6090$050da8c0@hustla

Referenced by
Kent Stewart

[ Hide this part ] 
 
 
Team FBSD
 
I apologize, I stand corrected.   :)  I would still suggest being that Nimda was quite lethal (especially to large hosting providers), that you put an Alert link on the front of the site..
 
http://docs.freebsd.org/cgi/getmsg.cgi?fetch=1492768+0+current/freebsd-security
 
Thank you,
 
-charles
 
----- Original Message -----
From: charles woolverton
To: freebsd-doc@FreeBSD.ORG
Sent: Saturday, June 29, 2002 1:21 PM
Subject: NEW FBSD Virus - Effects Apache Server Chunk encoding - ALERT
 
 
Team FBSD
 
 
I did not see an advisory on your site, but as of June 16, 2002, there was an "Apache HTTP Server chunk encoding stack overflow" discovered.  I have not been able to find this on Apache's website either.  However, there has been sevreal reports to securityfocus.org about Apache chunk encoding issues.
 
It appears that a new Worm has been identified by the Symantec staff that targets FreeBSD systems via this Apache exploitable issue.
 
Please see: Symantec's 'FreeBSD.Scalper.Worm' advisory - 06/28/2002
http://securityresponse.symantec.com/avcenter/security/Content/2049.html
 
Please see: Symantec's Apache HTTP Server chunk encoding stack overfow advisory 06/17/2002
http://securityresponse.symantec.com/avcenter/security/Content/2049.html
 
Please see: Securityfocus advisories- 06/17/2002 - 06/28/2002
    CA-2002-17
http://online.securityfocus.com/advisories/4210
    20020605-01-A
http://online.securityfocus.com/advisories/4212
    CLA-2002:498
http://online.securityfocus.com/advisories/4226
    apache-worm.c - Supposedly the source code is available here
http://online.securityfocus.com/archive/1/279633/2002-06-26/2002-07-02/0
    Apache worm in the wild post
http://online.securityfocus.com/archive/1/279529/2002-06-26/2002-07-02/0
    CAN-2002-0392 - Apache Chunked-Encoding Corruption Vulnerability
http://online.securityfocus.com/bid/5033
    Apache goes berserk - May be related (What you may receive if being attacked)
http://online.securityfocus.com/archive/75/279373
 
I don't know if you put many security alerts on your site, however I'd ask that you do place this one on.  At my company we have been encouraging our larger Managed Hosting customers to use FreeBSD.  However, being that most people that are / may be familiar with any nix flavor don't use Symantec's website, and it's sad to say "Don't keep up with security alerts", I would suggest putting something on the frontpage of FreeBSD.org.  Especially after what happened many times before with Windows and Nimda/varients.
 
 
Thank you,
 
Charles Woolverton
Tastik.net
charles.woolverton@tasik.net
[ Show this part (text/html) ]