https://community.hpe.com/t5/operating-system-hp-ux/cert-security-bulletin-cert-2002-17-apache-web-server-chunk/m-p/2746703#M753454 Tue, 18 Jun 2002 00:52:11 GMT Steven Sim Kok Leong 2002-06-18T00:52:11Z https://community.hpe.com/t5/operating-system-hp-ux/cert-security-bulletin-cert-2002-17-apache-web-server-chunk/m-p/2746703#M753454 Tue, 18 Jun 2002 00:52:11 GMT https://community.hpe.com/t5/operating-system-hp-ux/cert-security-bulletin-cert-2002-17-apache-web-server-chunk/m-p/2746703#M753454 Steven Sim Kok Leong 2002-06-18T00:52:11Z https://community.hpe.com/t5/operating-system-hp-ux/cert-security-bulletin-cert-2002-17-apache-web-server-chunk/m-p/2746704#M753455 Hi,<BR /><BR />Apache has released a new version of apache which fixes the vulnerabilities:<BR /><BR />References: <BR /><BR />1) <A href="http://httpd.apache.org/info/security_bulletin_20020617.txt" target="_blank">http://httpd.apache.org/info/security_bulletin_20020617.txt</A><BR /><BR />2) <A href="http://www.apacheweek.com/issues/02-06-21" target="_blank">http://www.apacheweek.com/issues/02-06-21</A> <BR /><BR />Hope this helps. Regards.<BR /><BR />Steven Sim Kok Leong Thu, 20 Jun 2002 13:15:44 GMT https://community.hpe.com/t5/operating-system-hp-ux/cert-security-bulletin-cert-2002-17-apache-web-server-chunk/m-p/2746704#M753455 Steven Sim Kok Leong 2002-06-20T13:15:44Z https://community.hpe.com/t5/operating-system-hp-ux/cert-security-bulletin-cert-2002-17-apache-web-server-chunk/m-p/2746705#M753456 How long will it be before HP releases their patch? Fri, 21 Jun 2002 12:05:06 GMT https://community.hpe.com/t5/operating-system-hp-ux/cert-security-bulletin-cert-2002-17-apache-web-server-chunk/m-p/2746705#M753456 Tod Wiederholt 2002-06-21T12:05:06Z https://community.hpe.com/t5/operating-system-hp-ux/cert-security-bulletin-cert-2002-17-apache-web-server-chunk/m-p/2746706#M753457 Hi,<BR /><BR />To test whether your apache server is vulnerable, just run this command (you will need perl and netcat installed on your server:<BR /><BR /># perl -e 'print "POST http://www/index.html HTTP/1.1\r\nAccept: */*\r\nHost: www\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\nContent-length: 5000\r\n\r\n" . "A"x5000 . "\r\n\r\n"' | nc localhost 80 <BR /><BR />If it is vulnerable, you will see the following error message in your error log: <BR /><BR /># tail -1 /etc/httpd/logs/error_log <BR />[Fri Jun 21 09:18:45 2002] [notice] child pid 14358 exit signal Segmentation fault (11) <BR /><BR />Please test your apache vulnerability on your system! And to reiterate the information on the solution, users of Apache 1.3 should upgrade to 1.3.26, and users of Apache 2.0 should upgrade to 2.0.39, which contain a fix for this issue.<BR /><BR />According to the code in one of the exploits, it was stated that other OSes are vulnerable (contrary to ISS belief that only some 64-bit Unix and Win32 apache are vulnerable):<BR /><BR /> * However, contrary to what ISS would have you believe, we have <BR /> * successfully exploited this hole on the following operating systems: <BR /> * <BR /> * Sun Solaris 6-8 (sparc/x86) <BR /> * FreeBSD 4.3-4.5 (x86) <BR /> * OpenBSD 2.6-3.1 (x86) <BR /> * Linux (GNU) 2.4 (x86) <BR /><BR />In particular, note that Sun Solaris 6,7,8 on Sparc as well as Linux kernel 2.4 is vulnerable to the exploit. <BR /><BR />Hope this helps. Regards. <BR /><BR />Steven Sim Kok Leong Fri, 21 Jun 2002 23:28:26 GMT https://community.hpe.com/t5/operating-system-hp-ux/cert-security-bulletin-cert-2002-17-apache-web-server-chunk/m-p/2746706#M753457 Steven Sim Kok Leong 2002-06-21T23:28:26Z