Bug 160247

Summary: Website vulnerability (DoS)
Product: Documentation
Reporter: Alvaro <gobledb>
Component: Books & Articles
Assignee: Cluster Admin <clusteradm>
Status: Closed FIXED
Severity: Affects Only Me
Priority: Normal
Version: Latest
Hardware: Any
OS: Any

Description Alvaro 2011-08-28 02:10:08 UTC
The problem is on mod_deflate.

===> Action

> perl killapache.pl www.freebsd.org 50

host seems vuln

ATTACKING www.freebsd.org [using 50 forks]

Red Hat reported this but is waiting for the Apache Foundation:

https://bugzilla.redhat.com/show_bug.cgi?id=732928

http://www.exploit-db.com/exploits/17696/

Note: PC-BSD has got better security than OpenBSD (wtf) and FreeBSD (?)

> perl killapache.pl www.pcbsd.org 50

Host does not seem vulnerable

> perl killapache.pl www.openbsd.org 50

host seems vuln

ATTACKING www.openbsd.org [using 50 forks]

=====> References

http://www.dslreports.com/forum/r26243047-Apache-1.x-2.x-Range-header-security-issue

http://seclists.org/fulldisclosure/2011/Aug/175

Cheers!

Fix:

Disable mod_deflate and wait for the Apache Foundation to correct it. (I think so)

How-To-Repeat: Download the script

Install devel/p5-Parallel-ForkManager

perl script_name.pl www.freebsd.org 50
Comment 1 Glen Barber freebsd_committer freebsd_triage 2011-08-28 02:20:38 UTC
On 8/27/11 9:02 PM, Alvaro wrote:
>> Description:
> The problem is on mod_deflate.
> 

No it isn't.

http://seclists.org/fulldisclosure/2011/Aug/236

-- 
Glen Barber | gjb@FreeBSD.org
FreeBSD Documentation Project
Comment 2 Gavin Atkinson freebsd_committer freebsd_triage 2011-08-29 18:42:37 UTC
Responsible Changed
From-To: freebsd-www->clusteradm

Over to clusteradm
Comment 3 Glen Barber freebsd_committer freebsd_triage 2011-09-04 04:23:23 UTC
On 9/3/11 10:41 PM, Alvaro Castillo wrote:
> On Sun, Sep 4, 2011 at 3:23 AM, Glen Barber <gjb@freebsd.org> wrote:
>> On 9/3/11 9:35 PM, Alvaro Castillo wrote:
>>>>
>>>> Sorry, but www.freebsd.org does not use Apache.
>>>>
>>> How that not?
>>>
>>> Netblock Owner | IP address | OS | Web Server | Last changed
>>> 701 First Ave Sunnyvale CA US 94089 | 69.147.83.34 | FreeBSD | httpd/1.4.x LaHonda | 27-Aug-2011
>>>
>>
>> Not Apache.
>>
>>> Netblock Owner | IP address | OS | Web Server | Last changed
>>> University of Alberta 352 General Services Building Edmonton AB CA T6G-2H1 | 142.244.12.42 | unknow | Apache | 8-Aug-2011
>>>
>>
>> Not FreeBSD.
>>
>>> Netblock Owner | IP address | OS | Web Server | Last changed
>>> Internet Systems Consortium, Inc. 950 Charter Street Redwood City CA US 94063 | 204.152.190.12 | NetBSD/OpenBSD | Apache/2.2.17 Unix | 11-Aug-2011
>>>
>>
>> Not FreeBSD.
>>
> Sorry, the previous script contains issues.
> 
> perl killapache2.pl www.freebsd.org 1
> ### Request ###
> HEAD / HTTP/1.1
> Host: www.freebsd.org
> Range:bytes=0-100
> Accept-Encoding: gzip
> Connection: close
> ### returned Status Code ->
> ### Host does not seem vulnerable. Or Redirect. Or File not found. Or
> Bad Request.
> ### Exit.
> 
> So, if not Apache, what is?
> 

Sorry, you'll need to do your own homework here.

I'm closing this PR.

-- 
Glen Barber | gjb@FreeBSD.org
FreeBSD Documentation Project
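The probe quoted in the comment above carries a single byte range; the Apache Range-header denial of service this PR refers to relies on requests that stack very many byte ranges into one Range header. As an added example that is not part of this PR or of any tool it names, the following Python checker parses the Range header of a raw HTTP request and flags requests whose range count exceeds a threshold, the kind of check a front-end proxy or a log triage script applies to drop such requests before they reach the server. The sample requests, the host name and the threshold MAX_RANGES are constructed for the example.

```python
import re
from typing import List, Optional, Tuple

ByteRange = Tuple[Optional[int], Optional[int]]

# Constructed sample requests (not from this PR or any tool it names). The first
# mirrors the single-range probe quoted in Comment 3; the second is a constructed
# abusive request stacking many overlapping byte ranges into one header.
SAMPLE_REQUESTS = [
    "HEAD / HTTP/1.1\r\nHost: www.example.test\r\nRange:bytes=0-100\r\n"
    "Accept-Encoding: gzip\r\nConnection: close\r\n\r\n",
    "HEAD / HTTP/1.1\r\nHost: www.example.test\r\nRange: bytes="
    + ",".join(f"0-{i}" for i in range(1, 1301))
    + "\r\nAccept-Encoding: gzip\r\nConnection: close\r\n\r\n",
]

# Constructed threshold: browsers and download managers send a few ranges at
# most; hundreds in a single header is not legitimate traffic.
MAX_RANGES = 5


def parse_range_header(request: str) -> Optional[List[ByteRange]]:
    """Return the (start, end) byte ranges of a raw request's Range header.

    None if absent. "-500" gives (None, 500), "500-" gives (500, None);
    malformed specs are skipped so odd input cannot crash the checker.
    """
    header_block = request.split("\r\n\r\n", 1)[0]
    match = re.search(r"^Range\s*:\s*bytes\s*=\s*(.+?)\s*$", header_block,
                      re.IGNORECASE | re.MULTILINE)
    if match is None:
        return None
    ranges: List[ByteRange] = []
    for spec in match.group(1).split(","):
        start, sep, end = spec.strip().partition("-")
        if not sep or (not start and not end):
            continue
        if (start and not start.isdigit()) or (end and not end.isdigit()):
            continue
        ranges.append((int(start) if start else None, int(end) if end else None))
    return ranges


def is_abusive_range_request(request: str, max_ranges: int = MAX_RANGES) -> bool:
    """True when the request lists more byte ranges than a normal client needs."""
    ranges = parse_range_header(request)
    return ranges is not None and len(ranges) > max_ranges


if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        verdict = "FLAGGED" if is_abusive_range_request(req) else "ok"
        print(verdict, req.splitlines()[0], len(parse_range_header(req) or []), "ranges")
```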
Comment 4 Glen Barber freebsd_committer freebsd_triage 2011-09-04 04:24:08 UTC
State Changed
From-To: open->closed

Submitter acknowledges this is a non-issue on the FreeBSD.org site.