From nobody@FreeBSD.org Sun Aug 28 01:02:57 2011
Return-Path:
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0AC73106566B for ; Sun, 28 Aug 2011 01:02:57 +0000 (UTC) (envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22]) by mx1.freebsd.org (Postfix) with ESMTP id EF8ED8FC08 for ; Sun, 28 Aug 2011 01:02:56 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1]) by red.freebsd.org (8.14.4/8.14.4) with ESMTP id p7S12u0O022734 for ; Sun, 28 Aug 2011 01:02:56 GMT (envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost) by red.freebsd.org (8.14.4/8.14.4/Submit) id p7S12ujx022732; Sun, 28 Aug 2011 01:02:56 GMT (envelope-from nobody)
Message-Id: <201108280102.p7S12ujx022732@red.freebsd.org>
Date: Sun, 28 Aug 2011 01:02:56 GMT
From: Alvaro
To: freebsd-gnats-submit@FreeBSD.org
Subject: Website vulnerability
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         160247
>Category:       www
>Synopsis:       Website vulnerability (DoS)
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    clusteradm
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Aug 28 01:10:08 UTC 2011
>Closed-Date:    Sun Sep 04 03:24:39 UTC 2011
>Last-Modified:  Sun Sep 4 03:30:07 UTC 2011
>Originator:     Alvaro
>Release:        none
>Organization:   none
>Environment:
FreeBSD shuttle0.lan 9.0-BETA1 FreeBSD 9.0-BETA1 #4: Fri Aug 26 05:37:30 WEST 2011 netSys@shuttle0.lan:/usr/obj/usr/src/sys/GALILEO amd64
>Description:
The problem is on mod_deflate.

===>Action

> perl killapache.pl www.freebsd.org 50
host seems vuln
ATTACKING www.freebsd.org [using 50 forks]

Redhat reported this but is waiting for Apache Foundation
https://bugzilla.redhat.com/show_bug.cgi?id=732928
http://www.exploit-db.com/exploits/17696/

Note: PC-BSD has got better security than OpenBSD (wtf) and FreeBSD (?)

> perl killapache.pl www.pcbsd.org 50
Host does not seem vulnerable

> perl killapache.pl www.openbsd.org 50
host seems vuln
ATTACKING www.openbsd.org [using 50 forks]

=====> References
http://www.dslreports.com/forum/r26243047-Apache-1.x-2.x-Range-header-security-issue
http://seclists.org/fulldisclosure/2011/Aug/175

Cheers!
>How-To-Repeat:
Download the script
Install devel/p5-Parallel-ForkManager
perl script_name.pl www.freebsd.org 50
>Fix:
Disable mod_deflate and wait until the Apache Foundation corrects it. (I think so)
>Release-Note:
>Audit-Trail:
From: Glen Barber
To: Alvaro
Cc: freebsd-gnats-submit@FreeBSD.org, freebsd-www@freebsd.org
Subject: Re: www/160247: Website vulnerability
Date: Sat, 27 Aug 2011 21:20:38 -0400

On 8/27/11 9:02 PM, Alvaro wrote:
>> Description:
> The problem is on mod_deflate.
>

No it isn't.

http://seclists.org/fulldisclosure/2011/Aug/236

--
Glen Barber | gjb@FreeBSD.org
FreeBSD Documentation Project

Responsible-Changed-From-To: freebsd-www->clusteradm
Responsible-Changed-By: gavin
Responsible-Changed-When: Mon Aug 29 17:42:37 UTC 2011
Responsible-Changed-Why:
Over to clusteradm

http://www.freebsd.org/cgi/query-pr.cgi?pr=160247

State-Changed-From-To: open->closed
State-Changed-By: gjb
State-Changed-When: Sun Sep 4 03:24:08 UTC 2011
State-Changed-Why:
Submitter acknowledges this is a non-issue on the FreeBSD.org site.

http://www.freebsd.org/cgi/query-pr.cgi?pr=160247

From: Glen Barber
To: Alvaro Castillo
Cc: freebsd-www@FreeBSD.org, bug-followup@FreeBSD.org
Subject: Re: www/160247: Website vulnerability
Date: Sat, 03 Sep 2011 23:23:23 -0400

On 9/3/11 10:41 PM, Alvaro Castillo wrote:
> On Sun, Sep 4, 2011 at 3:23 AM, Glen Barber wrote:
>> On 9/3/11 9:35 PM, Alvaro Castillo wrote:
>>>>
>>>> Sorry, but www.freebsd.org does not use Apache.
>>>>
>>> How is that not?
>>>
>>> Netblock Owner IP address OS Web Server Last changed
>>> 701 First Ave Sunnyvale CA US 94089 69.147.83.34 FreeBSD httpd/1.4.x
>>> LaHonda 27-Aug-2011
>>>
>>
>> Not Apache.
>>
>>> Netblock Owner IP address OS Web Server Last changed
>>> University of Alberta 352 General Services Building Edmonton AB CA
>>> T6G-2H1 142.244.12.42 unknow Apache 8-Aug-2011
>>>
>>
>> Not FreeBSD.
>>
>>> Netblock Owner IP address OS Web Server Last changed
>>> Internet Systems Consortium, Inc. 950 Charter Street Redwood City CA
>>> US 94063 204.152.190.12 NetBSD/OpenBSD Apache/2.2.17 Unix 11-Aug-2011
>>>
>>
>> Not FreeBSD.
>>
> Sorry, the previous script contains issues.
>
> perl killapache2.pl www.freebsd.org 1
> ### Request ###
> HEAD / HTTP/1.1
> Host: www.freebsd.org
> Range:bytes=0-100
> Accept-Encoding: gzip
> Connection: close
> ### returned Status Code ->
> ### Host does not seem vulnerable. Or Redirect. Or File not found. Or
> Bad Request.
> ### Exit.
>
> So, if not Apache. What is?
>

Sorry, you'll need to do your own homework here.

I'm closing this PR.

--
Glen Barber | gjb@FreeBSD.org
FreeBSD Documentation Project
>Unformatted:
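The PR itself never describes the mechanism; the advisories it links concern the Apache Range header issue, in which a single request carries a large number of byte-range specs. As an added example, not part of this PR or of the killapache scripts, here is a defender-side check that parses a Range header value as a server or proxy would and flags headers that should be dropped or refused; the cut-off of 5 ranges is an assumed default, and the header values in the test are constructed.

```python
import re
from dataclasses import dataclass

# One byte-range-spec (RFC 7233): "first-last", "first-" or "-suffix".
_SPEC = re.compile(r"^(?:(\d+)-(\d*)|-(\d+))$")

@dataclass
class RangeVerdict:
    count: int          # byte-range-specs found in the header
    malformed: bool     # unit is not "bytes", or a spec breaks the grammar
    overlapping: bool   # two specs share at least one byte
    reject: bool        # recommendation: drop the header or refuse the request

def parse_byte_ranges(value):
    """Return [(first, last), ...]; last is None for an open-ended "first-",
    a suffix spec "-N" becomes (-N, None); None when the header is malformed."""
    unit, sep, specs = value.strip().partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return None
    out = []
    for spec in specs.split(","):
        m = _SPEC.match(spec.strip())
        if not m:
            return None
        first, last, suffix = m.groups()
        if suffix is not None:
            out.append((-int(suffix), None))
        elif last and int(last) < int(first):   # last < first is invalid
            return None
        else:
            out.append((int(first), int(last) if last else None))
    return out

def _overlaps(ranges):
    # Sweep definite ranges by first byte, tracking the highest byte claimed.
    end = -1
    for first, last in sorted((r for r in ranges if r[0] >= 0), key=lambda r: r[0]):
        if first <= end:
            return True
        end = float("inf") if last is None else max(end, last)
    # Every suffix range ends at the last byte, so two of them always overlap.
    return sum(1 for first, _ in ranges if first < 0) > 1

def check_range_header(value, max_ranges=5):   # 5 is an assumed default
    ranges = parse_byte_ranges(value)
    if ranges is None:
        return RangeVerdict(0, True, False, True)
    overlapping = _overlaps(ranges)
    return RangeVerdict(len(ranges), False, overlapping,
                        overlapping or len(ranges) > max_ranges)
```

The header from the PR's own probe, `Range:bytes=0-100`, parses as a single well-formed range and passes; a header with dozens of overlapping or duplicate specs is what the check is meant to catch.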