Date: Thu, 20 Jun 2002 14:17:41 -0700 (PDT) From: Patrick Thomas <root@utility.clubscholarship.com> To: <freebsd-hackers@freebsd.org> Subject: inuring FreeBSD to the apache bug without upgrading apache ? Message-ID: <20020620141424.U68572-100000@utility.clubscholarship.com>
next in thread | raw e-mail | index | archive | help
Is it possible to patch/recompile FreeBSD 4.5 in such a way that your system is no longer vulnerable to the "chunking" attack, even if you are still running a vulnerable apache ? I ask because I see in one of the chunking exploits that: * Remote OpenBSD/Apache exploit for the "chunking" vulnerability. Kudos to * the OpenBSD developers (Theo, DugSong, jnathan, *@#!w00w00, ...) and * their crappy memcpy implementation that makes this 32-bit impossibility * very easy to accomplish. Which leads me to believe there are structures in the OS which "help" this vulnerability to exist. I am _very_ interested to find out if it is possible to patch this bug at the FreeBSD OS level and not the apache level. thanks, PT To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020620141424.U68572-100000>