[CERT Security Bulletin CERT-2002-17] Apache Web Server Chunk Handling Vulnerability

 
Steven Sim Kok Leong
Honored Contributor

Steven Sim Kok Leong
Honored Contributor

Re: [CERT Security Bulletin CERT-2002-17] Apache Web Server Chunk Handling Vulnerability

Hi,

Apache has released a new version of Apache which fixes the vulnerabilities:

References:

1) http://httpd.apache.org/info/security_bulletin_20020617.txt

2) http://www.apacheweek.com/issues/02-06-21

Hope this helps. Regards.

Steven Sim Kok Leong
Tod Wiederholt
Occasional Advisor

Re: [CERT Security Bulletin CERT-2002-17] Apache Web Server Chunk Handling Vulnerability

How long will it be before HP releases their patch?
Steven Sim Kok Leong
Honored Contributor

Re: [CERT Security Bulletin CERT-2002-17] Apache Web Server Chunk Handling Vulnerability

Hi,

To test whether your Apache server is vulnerable, just run this command (you will need perl and netcat installed on your server):

# perl -e 'print "POST http://www/index.html HTTP/1.1\r\nAccept: */*\r\nHost: www\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\nContent-length: 5000\r\n\r\n" . "A"x5000 . "\r\n\r\n"' | nc localhost 80

If it is vulnerable, you will see the following error message in your error log:

# tail -1 /etc/httpd/logs/error_log
[Fri Jun 21 09:18:45 2002] [notice] child pid 14358 exit signal Segmentation fault (11)

Please test your apache vulnerability on your system! And to reiterate the information on the solution, users of Apache 1.3 should upgrade to 1.3.26, and users of Apache 2.0 should upgrade to 2.0.39, which contain a fix for this issue.

According to the code in one of the exploits, it was stated that other OSes are vulnerable (contrary to ISS's belief that only some 64-bit Unix and Win32 Apache are vulnerable):

* However, contrary to what ISS would have you believe, we have
* successfully exploited this hole on the following operating systems:
*
* Sun Solaris 6-8 (sparc/x86)
* FreeBSD 4.3-4.5 (x86)
* OpenBSD 2.6-3.1 (x86)
* Linux (GNU) 2.4 (x86)

In particular, note that Sun Solaris 6, 7, 8 on Sparc as well as Linux kernel 2.4 are vulnerable to the exploit.

Hope this helps. Regards.

Steven Sim Kok Leong
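
A non-intrusive complement to the test in the reply above, as an added example that is not part of the original posts: it compares a Server banner with the fixed releases named there (1.3.26 and 2.0.39) and counts error_log entries in the format quoted there. The function names and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Fixed releases named in the post above, keyed by release branch.
FIXED = {(1, 3): (1, 3, 26), (2, 0): (2, 0, 39)}
BANNER_RE = re.compile(r"Apache/(\d+)\.(\d+)\.(\d+)")
# Matches the error_log line format quoted in the post.
CRASH_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[notice\] child pid \d+ "
                      r"exit signal Segmentation fault \(11\)")

def banner_status(server_header):
    """Classify a Server header as 'fixed', 'needs-upgrade' or 'unknown'.

    The banner is only a hint: a vendor build may carry a backported fix
    under an older version string, and ServerTokens may hide the version.
    """
    m = BANNER_RE.search(server_header)
    if not m:
        return "unknown"
    version = tuple(int(x) for x in m.groups())
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "unknown"  # branch not covered by the post
    return "fixed" if version >= fixed else "needs-upgrade"

def crash_summary(log_lines):
    """Count child segfault notices per day; any hit needs investigation,
    it is not proof of this particular bug."""
    per_day = Counter()
    for line in log_lines:
        m = CRASH_RE.match(line)
        if m:  # ts looks like 'Fri Jun 21 09:18:45 2002'
            _dow, mon, day, _time, year = m.group("ts").split()
            per_day[f"{mon} {day} {year}"] += 1
    return dict(per_day)

# Constructed sample input; the first line is the one quoted in the post.
SAMPLE_LOG = [
    "[Fri Jun 21 09:18:45 2002] [notice] child pid 14358 exit signal Segmentation fault (11)",
    "[Fri Jun 21 09:18:47 2002] [notice] child pid 14360 exit signal Segmentation fault (11)",
    "[Fri Jun 21 09:20:01 2002] [error] [client 192.0.2.10] File does not exist: /var/www/html/x",
    "[Sat Jun 22 03:02:11 2002] [notice] child pid 201 exit signal Segmentation fault (11)",
]

if __name__ == "__main__":
    print(crash_summary(SAMPLE_LOG))
    for banner in ("Apache/1.3.24 (Unix)", "Apache/2.0.39", "Apache"):
        print(banner, "->", banner_status(banner))
```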