[apache-talk] ISS Advisory: Remote Compromise Vulnerability in Apache HTTP Server(fwd)

[Yury Bokhoncovich <byg@center-f1.ru>]

úÄÒÁ×ÓÔ×ÕÊÔÅ!

îÕ, É ÞÔÏ ÏÂÝÅÓÔ×ÅÎÎÏÓÔØ ÐÏ ÜÔÏÍÕ ÐÏ×ÏÄÕ ÄÕÍÁÅÔ?

-- 
WBR, Yury Bokhoncovich, Senior System Administrator, NOC of F1 Group.
Phone: +7 (3832) 106228, ext.140, E-mail: byg@center-f1.ru.
Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.


---------- Forwarded message ----------
Date: Mon, 17 Jun 2002 23:51:26 +0400
From: bogachev igor <drugoy_bog@mail.ru>
To: bugtraq@securityfocus.com, lexa@lexa.ru
Subject: Re[2]: ISS Advisory: Remote Compromise Vulnerability in Apache
    HTTP Server


This question may be interesting for russian users of apache

http_protocol.c:2083

#ifdef RUSSIAN_APACHE
        if(r && r->ra_codep && r->ra_codep->cp_itabl_p)
          {
            ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
                        "chunked Transfer-Encoding not supported by Russian
Apache: %s", r->uri);
            return (lenp) ? HTTP_BAD_REQUEST : HTTP_LENGTH_REQUIRED;
          }
#endif

does it mean that russian apache isn't vulnerable?

[skip]

> >
> > Remote Compromise Vulnerability in Apache HTTP Server
> >
[skip]
> >
> > Apache contains a flawed mechanism meant to calculate the size of
> > "chunked" encoding. Chunked encoding is part of the HTTP Protocol
> > Specification used for accepting data from Web users. When data is sent

=============================================================================
=               Apache-Talk@lists.lexa.ru mailing list                      =
Mail "unsubscribe apache-talk" to majordomo@lists.lexa.ru if you want to quit.
=       Archive avaliable at http://www.lexa.ru/apache-talk                 =