httpd-users mailing list archives

From "Steve Leach" <sle...@askalix.com>
Subject Chunk Overflow / Red Hat Update / Eeye RetinaApache
Date Fri, 21 Jun 2002 09:15:22 GMT
Along with others, I received the note about the Apache Chunk-Encoding problem and as soon
as RedHat released their RPMS, updated my servers, however I also received wind of a tool
to test the problem:

  Free Vulnerability Scanning Utility Now Available 

  Two days ago a vulnerability that affects Apache web server software was announced. The
vulnerability is a remote buffer overflow in the section of code that handles chunked-encoding
requests. It is possible for attackers to manipulate this vulnerability to execute code against
any vulnerable versions of Apache. This includes the Unix and Windows versions.

  http://www.eeye.com/html/Research/Tools/apachechunked.html


Now I just tested the servers I updated using the eeye tool, and it says they are still vulnerable.
Any RedHat users or developers on this group? Have you tried this? Are we actually NOT safe
using the patch supplied by RHN?

Thanks for any response.....


Best Regards,

Steve Leach
Network Manager
MI International Limited
Eaglescliffe Logistics Centre
Durham Lane
Egglescliffe
URL: http://www.askalix.com
TEL: 01642 356205
e-mail: sleach@askalix.com


