CRIME FW: NIPC Advisory 02-005 Remote Vulnerability in Apache Web Server Software

From: George Heuston (GeorgeH@private)
Date: Wed Jun 19 2002 - 14:11:29 PDT

    -----Original Message-----
    From: Nipc Watch [mailto:nipc.watch@private] 
    Sent: Wednesday, June 19, 2002 1:45 PM
    To: daily
    Subject: NIPC Advisory 02-005 Remote Vulnerability in Apache Web Server
    Software
    
    
    National Infrastructure Protection Center
    "Remote Vulnerabilities in Apache Web Server Software"
    Advisory 02-005
    19 June 2002
    
    
    
    The NIPC is issuing this advisory to highlight the significance of a
    vulnerability that could affect a majority of active Web sites and which is
    addressed in the following:
    
    Internet Security Systems Advisory
    Remote Compromise Vulnerability in Apache HTTP Server 
    http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20502
    
    Apache Security Advisory 
    http://httpd.apache.org/info/security_bulletin_20020617.txt
    
    CERT Advisory CA-2002-17
    Apache Web Server Chunk Handling Vulnerability 
    http://www.cert.org/advisories/CA-2002-17.html
    
    NIPC research confirms the existence of a potential vulnerability in
    numerous versions of the open-source Apache Web Server Software. This
    vulnerability can allow remote access to the system.  This gives an intruder
    the ability to take control of the system and execute root level commands.  
    
    Background:
    
    The NIPC evaluated this vulnerability and found that Apache has a memory
    heap condition that, if carefully manipulated, can give an intruder the
    ability to run arbitrary commands on the victim's computer.  To date, this
    vulnerability is known to affect multiple versions of the Apache Software.  
    
    The NIPC considers this to be a significant threat due to the large
    installed base of Apache Servers, the potential for remote compromise, and
    the level of access granted by this vulnerability.  This advisory is being
    released in advance of any reported exploitations.  
    
    Recommendation:
    
    The Apache Software Foundation is currently working on a product release
    that resolves this issue.  Users are encouraged to visit
    http://httpd.apache.org/ in order to obtain updated versions of this open
    source product, and to consider the recommendations posted by ISS and
    CERT/CC.
    
    As always, computer users are advised to remain vigilant in their intrusion
    detection and prevention efforts, and to keep their systems current by
    checking their vendor's Web sites frequently for new updates and to check
    for alerts put out by the NIPC, CERT/CC, and other cognizant organizations.
    
    The NIPC encourages recipients of this advisory to report computer
    intrusions to their local FBI office (http://www.fbi.gov/contact/fo/fo.htm)
    or the NIPC, and to other appropriate authorities. Recipients may report
    incidents online at http://www.nipc.gov/incident/cirr.htm, and can reach
    the NIPC Watch and Warning Unit at (202) 323-3205, 1-888-585-9078 or
    nipc.watch@private.
    
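The "memory heap condition" the advisory describes sits in Apache's handling of HTTP/1.1 chunked transfer encoding (the CERT advisory cited above is titled "Apache Web Server Chunk Handling Vulnerability"). The underlying pattern is a chunk-size field parsed into a signed integer: a large hexadecimal value wraps negative, passes a bounds check that assumes a positive number, and is then used as a length. The C sketch below is an added illustration, not part of this message and not Apache's own source; it contrasts a parser that keeps the size in a signed int with a hardened one that accumulates in `size_t`, rejects overflow, and caps the value at the receive buffer. `CHUNK_BUF_SIZE`, `hexval`, `parse_chunk_size_unsafe`, `naive_check_accepts` and `parse_chunk_size_safe` are names chosen for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical receive-buffer size used by the bounds checks below. */
#define CHUNK_BUF_SIZE 8192

/* Value of one hexadecimal digit, or -1 if c is not a hex digit. */
static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Unsafe pattern: the chunk size is handed back as a signed int.
 * (Accumulation is done in unsigned to keep this demo free of undefined
 * behaviour; the final cast is where the sign problem appears.)
 * A constructed size line of "FFFFFFF0" comes back as -16 on two's-complement
 * targets with 32-bit int. */
int parse_chunk_size_unsafe(const char *line)
{
    unsigned int v = 0;
    int d;
    while ((d = hexval((unsigned char)*line)) >= 0) {
        v = v * 16u + (unsigned int)d;
        line++;
    }
    return (int)v;
}

/* The kind of guard that looks sufficient but is bypassed by a negative
 * size: a negative number is always "smaller" than the buffer, yet a copy
 * routine taking size_t would see it as a huge length. Returns 1 if the
 * size would be accepted. */
int naive_check_accepts(int chunk_len)
{
    return chunk_len <= CHUNK_BUF_SIZE;
}

/* Hardened parser: unsigned accumulation with an overflow check, strict
 * syntax (digits, then optional ';' chunk extension or CRLF), and a hard
 * cap at the buffer size. Returns 0 and sets *out on success, -1 on
 * malformed, overflowing or oversized input. */
int parse_chunk_size_safe(const char *line, size_t *out)
{
    if (line == NULL || out == NULL) return -1;
    if (hexval((unsigned char)*line) < 0) return -1;   /* must start with a hex digit */

    size_t v = 0;
    int d;
    while ((d = hexval((unsigned char)*line)) >= 0) {
        /* v*16 + d must not exceed SIZE_MAX */
        if (v > (SIZE_MAX - (size_t)d) / 16) return -1;
        v = v * 16 + (size_t)d;
        line++;
    }
    if (*line != '\0' && *line != ';' && *line != '\r' && *line != '\n') return -1;
    if (v > CHUNK_BUF_SIZE) return -1;                   /* more than the buffer holds */
    *out = v;
    return 0;
}

int main(void)
{
    /* Constructed chunk-size lines, as they would appear before the chunk data. */
    const char *lines[] = { "1a\r\n", "2000\r\n", "FFFFFFF0\r\n", "zz\r\n" };
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        int unsafe_len = parse_chunk_size_unsafe(lines[i]);
        size_t safe_len = 0;
        int ok = parse_chunk_size_safe(lines[i], &safe_len);
        printf("%-12.8s unsafe=%d (naive check %s)  safe=%s\n",
               lines[i], unsafe_len,
               naive_check_accepts(unsafe_len) ? "accepts" : "rejects",
               ok == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

The point for a defender reviewing parsers of attacker-controlled lengths: a signed length plus a "less than or equal to buffer" comparison is not a bounds check. Carry lengths in an unsigned type of the same width the copy routine uses, check for overflow during accumulation, and compare against the actual buffer capacity before any copy.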



    This archive was generated by hypermail 2b30 : Wed Jun 19 2002 - 15:25:10 PDT