Re: [cobalt-security] Apache worm that uses the chunk vulnerability - in the wild

["Rick Garcia" <rick@xxxxxxxxxxxxxx>]

Hi Michael -
Do you happen to know what version the Apache update 2.0.1 updates apache
to?  Not to 2.0.1?!?  I've heard there are PHP issues with 2.x apache and
I'm not ready to go that route.

Also - what is your recommendation for installing this Apache update?  I
have seen you post in the past that you do your updates through ssh - would
you recommend the same for this upgrade and if so, do you think you could be
so kind as to list the instructions for the Raq4?  This will be the first
time I have upgraded any of the packages via the command line.  Thanks
either way - your help is always appreciated.

Rick Garcia

----- Original Message -----
From: "Michael Stauber" <cobalt@xxxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Friday, June 28, 2002 3:14 PM
Subject: Re: [cobalt-security] Apache worm that uses the chunk
vulnerability - in the wild


> Domas Mituzkas just reported that he found the sourcecode:
>
> http://dammit.lt/apache-worm/apache-worm.c
>
> Normally I don't post spoilers of this sort, but special times, special
means.
> So although it has NOT yet been officially  announced: The updated Apache
> PKGs for some Cobalts have been uploaded to the Cobalt FTP server:
>
> RaQ2:
>
ftp://ftp.cobalt.com/pub/packages/raq2/eng/RaQ2-All-Security-4.0.1-15417.pkg
>
> RaQ4:
>
ftp://ftp.cobalt.com/pub/packages/raq4/eng/RaQ4-All-Security-2.0.1-15417.pkg
>
> RaQ3 / Qube3 / XTR / RaQ550:
> Not there yet
>
> There is also an unanounced All-Security-2.0.1-14559.pkg for some
plattforms
> which upgrades tcpdump and libpcap.
>
> --
>
> Mit freundlichen Grüßen / With best regards
>
> Michael Stauber
> mstauber@xxxxxxxxxxxxxx
> Unix/Linux Support Engineer
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>