Apache 1.3.x proxy hole

From: Joe Hamelin (nethead_at_gmail.com)
Date: 07/07/04

  • Next message: Uwe Doering: "Re: Apache 1.3.x proxy hole" 
    Date: Wed, 7 Jul 2004 11:10:00 -0700
To: freebsd-isp@freebsd.org

    Techworld is reporting that: "The bug affects Apache 1.3.x
    installations configured to act as proxy servers, which relay requests
    between a Web browser and the Internet. When a vulnerable server
    connects to a malicious site, a specially-crafted packet can be used
    to exploit the vulnerability, according to security researcher Georgi
    Guninski, who has publicly released exploit code."
     
    http://bsdnews.com/view_story.php3?story_id=4628

    http://www.techworld.com/opsys/news/index.cfm?newsid=1814&page=1&pagepos=2

    Does anyone know of a FreeBSD patch for this out yet? 

    -- 
Joe Hamelin 
Edmonds, WA, US
_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
  • Next message: Uwe Doering: "Re: Apache 1.3.x proxy hole"

    Relevant Pages

    • Re: Apache 1.3.x proxy hole
      ... > installations configured to act as proxy servers, ... > between a Web browser and the Internet. ... When a vulnerable server ... The links in the respective advisories lead to GG's advisory #69. ...
      (freebsd-isp)
    • How online extremists evade capture
      ... As a general rule, any computer that is connected to the internet can be located because it has a unique identity, known as an IP address. ... The name and address of the person to whom the IP address is registered will, in turn, be known to their internet service provider (ISP). ... Sometimes, however, a computer owner can connect to the internet via a series of computers known as 'proxy servers' which obscure the owner's location. ... Much of the search for online extremists focuses on websites, but there are a range of other methods that can be used to communicate via the internet, including 'chat' and peer-to-peer technologies, which can be more difficult to track. ...
      (alt.privacy)
    • Corrupted Cache / Slider Bar Issue.
      ... Server not found "friendly page" comes up at every internet site request), ... The internal proxies do not cache ... clients direct for anything on the intranet and uses the proxy for things ... All of our proxy servers are running Squid 2.5. ...
      (microsoft.public.windows.inetexplorer.ie6.browser)
    • Re: XP Proxy Server / Internet Connection Sharing
      ... I've been reading up on proxy servers and one of their primary uses is ... for internet connection sharing. ... built-in ICS, does XP employs a "personal" proxy server of sorts? ... doesn't require any changes in the network configuration of programs ...
      (microsoft.public.windowsxp.network_web)
    • Re: IIS 4.0 Proxy 2.0 Open WWW Proxy
      ... this is like probably the number one security problem with ... proxy servers, so I'm sure the instructions for this must be posted at ... >> Have a leased line connection to the internet which ... >> access in the IIS web site directory security settings). ...
      (microsoft.public.inetserver.iis.security)