apache web VULNERABILITY

Scott Lanning slanning at theworld.com
Fri Jun 21 15:46:21 EDT 2002


On Fri, 21 Jun 2002, Anand A Rao wrote:
>     One of my friends sent this info ... can some one comment on this ?

Hi, I'm unsure what you want a comment about: the technical details
of the vulnerability itself, the fact that _Apache_ is vulnerable
this time, the speed with which fixed versions were made available
(one day), the vulnerability scanner, the potential damage from the
worm, is it being exploited for publicity, etc.

> ALERT - APACHE WEB VULNERABILITY
>
> Free Vulnerability Scanning Utility Now Available
>
> Two days ago a vulnerability that affects Apache web server software was
> announced. The vulnerability is a remote buffer overflow in the section of
> code that handles chunked-encoding requests. It is possible for attackers to
> manipulate this vulnerability to execute code against any vulnerable
> versions of Apache. This includes the Unix and Windows versions.
>
> It should also be noted that since the Apache vulnerability was released,
> exploit programs that take advantage of the vulnerability have been
> distributed to the Internet. This makes the chances of attack, and even the
> possibility of a large-scale attack such as a worm, much greater.
>
> Due to the fact that Apache is the most deployed web server software on the
> Internet, detecting and patching this vulnerability is critical for many
> administrators. eEye has created a free tool that IT administrators can use
> to scan their networks for vulnerable Apache servers. The tool also provides
> a link to information on how to correctly patch vulnerable servers.
>
> To learn more about the free scanning tool visit:
> http://www.eeye.com/html/Research/Tools/apachechunked.html
>
> Note: A recent update to eEye's Retina Network Security Scanner included an
> audit for this particular Apache vulnerability. Retina users should be sure
> to run an "Auto-Update" to obtain this and other new vulnerability checks.
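The alert above only says the flaw sits in the code that handles chunked-encoding requests. As an added example, not Apache's code and not part of the original post, here is a defensive parser for the chunk-size line of an HTTP/1.1 request that keeps the size unsigned and bounded before a server would ever use it to size a copy; the 1 MiB per-chunk limit is an assumption.

```c
#include <stdint.h>
#include <stddef.h>
#include <ctype.h>

/* Hypothetical hardened chunk-size parser (added example, not Apache's).
 * A chunk-size line is hex digits, an optional ";extension", then CRLF.
 * The parsed value is accumulated in an unsigned 64-bit integer, capped
 * on digit count and on an explicit maximum, so a hostile size can never
 * become a negative or oversized length for a buffer copy.
 * Returns 0 on success (size in *out), -1 on malformed or oversized input. */
#define MAX_CHUNK_BYTES (1u << 20)   /* assumed per-chunk limit: 1 MiB */

int parse_chunk_size(const char *line, size_t len, size_t *out)
{
    size_t i = 0;
    uint64_t value = 0;
    int digits = 0;

    while (i < len && isxdigit((unsigned char)line[i])) {
        int c = (unsigned char)line[i];
        int d = isdigit(c) ? c - '0' : (tolower(c) - 'a' + 10);
        /* More than 8 hex digits already exceeds the limit: fail early
         * instead of letting the accumulator grow. */
        if (++digits > 8) return -1;
        value = (value << 4) | (uint64_t)d;
        i++;
    }
    if (digits == 0) return -1;              /* no size at all, e.g. "-1" or "" */
    if (value > MAX_CHUNK_BYTES) return -1;  /* larger than any buffer we hand out */
    /* Only a chunk extension or the line terminator may follow the digits. */
    if (i < len && line[i] != ';' && line[i] != '\r' && line[i] != '\n')
        return -1;
    *out = (size_t)value;
    return 0;
}
```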