From owner-freebsd-bugbusters Tue Jun 25 2:52:29 2002
Delivered-To: freebsd-bugbusters@freebsd.org
Received: from hotmail.com (oe55.pav2.hotmail.com [64.4.36.63]) by hub.freebsd.org (Postfix) with ESMTP id 5EC1537B40C; Tue, 25 Jun 2002 02:49:32 -0700 (PDT)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Tue, 25 Jun 2002 02:49:31 -0700
X-Originating-IP: [203.144.144.233]
From: "mont"
To:
Subject: =?windows-874?B?cGFydC10aW1lIDUsMDAwLTEwLDAwMCCk2LOh57fT5LTpICEhIQ==?=
Date: Tue, 25 Jun 2002 16:45:39 +0700
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_01FE_01C21C67.BCB0AE60"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID:
X-OriginalArrivalTime: 25 Jun 2002 09:49:31.0844 (UTC) FILETIME=[9AF1D040:01C21C2D]
Sender: owner-freebsd-bugbusters@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

This is a multi-part message in MIME format.

------=_NextPart_000_01FE_01C21C67.BCB0AE60
Content-Type: text/plain; charset="windows-874"
Content-Transfer-Encoding: quoted-printable

------=_NextPart_000_01FE_01C21C67.BCB0AE60
Content-Type: text/html; charset="windows-874"
Content-Transfer-Encoding: quoted-printable

------=_NextPart_000_01FE_01C21C67.BCB0AE60--

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugbusters" in the body of the message

From owner-freebsd-bugbusters Sat Jun 29 10:38:25 2002
Delivered-To: freebsd-bugbusters@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E021D37B400; Sat, 29 Jun 2002 10:38:13 -0700 (PDT)
Received: from bitch.tastik.net (c-66-56-27-8.atl.client2.attbi.com [66.56.27.8]) by mx1.FreeBSD.org (Postfix) with ESMTP id C03D143E13; Sat, 29 Jun 2002 10:38:12 -0700 (PDT) (envelope-from charles.woolverton@tastik.net)
Received: from hustla (hustla [192.168.13.5]) by bitch.tastik.net (8.11.1/8.11.1) with SMTP id g5THbWu09426; Sat, 29 Jun 2002 13:37:33 -0400 (EDT) (envelope-from charles.woolverton@tastik.net)
Message-ID: <000d01c21f93$ba1ef600$050da8c0@hustla>
From: "charles woolverton"
To:
Cc: ,
Subject: Fw: NEW FBSD Virus - Effects Apache Server Chunk encoding - ALERT
Date: Sat, 29 Jun 2002 13:38:05 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_000A_01C21F72.32884780"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-bugbusters@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

This is a multi-part message in MIME format.

------=_NextPart_000_000A_01C21F72.32884780
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Team FBSD

I apologize, I stand corrected. :) I would still suggest being that Nimda was quite lethal (especially to large hosting providers), that you put an Alert link on the front of the site..

http://docs.freebsd.org/cgi/getmsg.cgi?fetch=1492768+0+current/freebsd-security

Thank you,

-charles

----- Original Message -----
From: charles woolverton
To: freebsd-doc@FreeBSD.ORG
Sent: Saturday, June 29, 2002 1:21 PM
Subject: NEW FBSD Virus - Effects Apache Server Chunk encoding - ALERT

Team FBSD

I did not see an advisory on your site, but as of June 16, 2002, there was an "Apache HTTP Server chunk encoding stack overflow" discovered. I have not been able to find this on Apache's website either. However, there have been several reports to securityfocus.org about Apache chunk encoding issues.

It appears that a new Worm has been identified by the Symantec staff that targets FreeBSD systems via this Apache exploitable issue.

Please see: Symantec's 'FreeBSD.Scalper.Worm' advisory - 06/28/2002
http://securityresponse.symantec.com/avcenter/security/Content/2049.html
Please see: Symantec's Apache HTTP Server chunk encoding stack overflow advisory 06/17/2002
http://securityresponse.symantec.com/avcenter/security/Content/2049.html

Please see: Securityfocus advisories- 06/17/2002 - 06/28/2002
    CA-2002-17
    http://online.securityfocus.com/advisories/4210
    20020605-01-A
    http://online.securityfocus.com/advisories/4212
    CLA-2002:498
    http://online.securityfocus.com/advisories/4226
    apache-worm.c - Supposedly the source code is available here
    http://online.securityfocus.com/archive/1/279633/2002-06-26/2002-07-02/0
    Apache worm in the wild post
    http://online.securityfocus.com/archive/1/279529/2002-06-26/2002-07-02/0
    CAN-2002-0392 - Apache Chunked-Encoding Corruption Vulnerability
    http://online.securityfocus.com/bid/5033
    Apache goes berserk - May be related (What you may receive if being attacked)
    http://online.securityfocus.com/archive/75/279373

I don't know if you put many security alerts on your site, however I'd ask that you do place this one on. At my company we have been encouraging our larger Managed Hosting customers to use FreeBSD. However, being that most people that are / may be familiar with any nix flavor don't use Symantec's website, and it's sad to say "Don't keep up with security alerts", I would suggest putting something on the frontpage of FreeBSD.org. Especially after what happened many times before with Windows and Nimda/variants.

Thank you,

Charles Woolverton
Tastik.net
charles.woolverton@tasik.net

------=_NextPart_000_000A_01C21F72.32884780
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
------=_NextPart_000_000A_01C21F72.32884780--