Apache Chunk Handling Roundup
by Berislav Kucan - revised on 20 June 2002


Robert Lemos - rob.lemos(a)cnet.com article on CNET

Chris Rouland, director of ISS's research and development team, known as X-Force, maintains that the company did the right thing when it released an advisory on the issue and included a patch as well. "We are competing with the 10 million hackers out there, who are trying to break in to Web servers," he said. "The hackers were the real ones that were ticked off that we released the advisory. That's one less exploit that they could use."

Read this article on CNET (http://www.cnet.com/investor/news/newsitem/0-9900-1028-20051547-0.html).


3) Solutions and patches

ISS X-Force has developed a patch for the "Remote Compromise Vulnerability in Apache HTTP Server" issue. The patch is available from the ISS advisory located at the top of this paper.

(Please note that the patch provided by ISS does not correct the vulnerability found by NGSSoftware).



CERT advice: The Apache Software Foundation has released two new versions of Apache that correct this vulnerability. System administrators can prevent the vulnerability from being exploited by upgrading to Apache version 1.3.25 or 2.0.39. The new versions of Apache will be available from their web site at http://httpd.apache.org/

Update: Version 1.3.26 is available to download as of 19.06.2002.

Update: A new version of mod_ssl has been released and is available at the following address:
http://www.modssl.org/source/mod_ssl-2.8.9-1.3.26.tar.gz

4) Vendor security advisories

Vendor: SGI
Vulnerable: SGI is currently investigating this security issue
Advisory: http://www.net-security.org/advisory.php?id=776



Vendor: Debian
Vulnerable: Debian GNU/Linux 2.2
Advisory: http://www.net-security.org/advisory.php?id=778



Vendor: Debian
Vulnerable: Debian GNU/Linux 2.2 - revised advisory
Advisory: http://www.net-security.org/advisory.php?id=783



Vendor: Debian
Vulnerable: Debian GNU/Linux 2.2 - (apache-ssl advisory)
Advisory: http://www.net-security.org/advisory.php?id=784



Vendor: EnGarde Linux
Vulnerable: EnGarde Secure Linux
Advisory: http://www.net-security.org/advisory.php?id=779



Vendor: SuSE
Vulnerable: SuSE Linux 6.4-8.0, SuSE Linux Database Server, SuSE eMail Server III and SuSE Linux Enterprise Server
Advisory: http://www.net-security.org/advisory.php?id=780



Vendor: Conectiva
Vulnerable: Conectiva Linux 6.0-8
Advisory: http://www.net-security.org/advisory.php?id=781

Copyright 1998-2015 by Help Net Security.