CRIME FW: NIPC Advisory 02-005.1

From: George Heuston (GeorgeH@private)
Date: Fri Jun 21 2002 - 17:40:01 PDT


     
    
    -----Original Message-----
    From: Nipc Watch
    To: daily
    Sent: 6/21/02 3:36 PM
    Subject: NIPC Advisory 02-005.1
    
    National Infrastructure Protection Center
    Remote Vulnerabilities in the Apache Web Server Software
    Advisory 02-005.1
    June 19, 2002 (Revised June 21, 2002)
    
    [Revisions from the original document are indicated in bold]
    
    
    
    This advisory updates NIPC Advisory 02-005 which highlighted the
    significance of a vulnerability that could affect a majority of
    active Web sites. The Apache Software Foundation has made available
    product updates as solutions to this vulnerability. Users are encouraged
    to visit http://httpd.apache.org/ to obtain
    updated versions of this open source product.
    
    This issue is further addressed in the following:
     
     Apache Security Advisory
     http://httpd.apache.org/info/security_bulletin_20020620.txt
    
     CERT Advisory CA-2002-17
     Apache Web Server Chunk Handling Vulnerability
     http://www.cert.org/advisories/CA-2002-17.html
    
     Internet Security Systems Advisory
     Apache HTTP Server Exploit in Circulation
     http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20524
    
     NIPC research confirms the existence of a potential vulnerability in
    numerous versions of the open-source Apache Web Server Software.  This
    vulnerability can allow remote access to the system with the permissions
    of the web server.
    
     Background:
    
     The NIPC evaluated this vulnerability and found that Apache has a
    memory heap condition that, if carefully manipulated, can give an
    intruder the ability to run arbitrary commands on the victim's computer.
    To date, this vulnerability is known to affect multiple versions of the
    Apache Software. 
    
     The NIPC considers this to be a significant threat due to the large
    installed base of Apache Servers, the potential for remote compromise,
    and the level of access granted by this vulnerability.  This advisory is
    being released in advance of any reported exploitations. 
    
     Recommendation:
    
    Users are encouraged to visit http://httpd.apache.org/
    to obtain updated versions of the Apache
    open source product, and to consider the recommendations posted by ISS
    and CERT/CC.
    
     As always, computer users are advised to remain vigilant in their
    intrusion detection and prevention efforts, and to keep their systems
    current by checking their vendor's Web sites frequently for new updates
    and to check for alerts put out by the NIPC, CERT/CC, and other
    cognizant organizations.
    
     The NIPC encourages recipients of this advisory to report computer
    intrusions to their local FBI office
    (http://www.fbi.gov/contact/fo/fo.htm) or the NIPC, and to other
    appropriate authorities.  Recipients may report incidents online at
    http://www.nipc.gov/incident/cirr.htm, and can reach the NIPC Watch
    and Warning Unit at (202) 323-3205, 1-888-585-9078 or nipc.watch
    


