Hi Raju,, do u have an idea of how to configure a PPPOE server in linux. the client for this srever can be linuxx or non linux based
please help .. it is very urgent ----- Original Message ----- From: Raju Mathur <[EMAIL PROTECTED]> Date: Thu, 27 Jun 2002 10:15:16 +0530 To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: [ilugd]: (fwd) Apache mod_ssl off-by-one vulnerability > [Phew, sure a big day for vulnerability reports! Please upgrade > mod_ssl in Apache if you have installed it (note: apparently mod_ssl > doesn't need to be enabled in a virtual host for your server to be > vulnerable) -- Raju] > > This is an RFC 1153 digest. > (1 message) > ---------------------------------------------------------------------- > > Message-ID: <[EMAIL PROTECTED]> > From: Jedi/Sector One <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Apache mod_ssl off-by-one vulnerability > Date: Mon, 24 Jun 2002 22:46:47 +0159 > > > Product: mod_ssl - http://www.modssl.org/ > Date: 06/24/2002 > Summary: Off-by-one in mod_ssl 2.4.9 and earlier > By: Frank Denis - [EMAIL PROTECTED] > > > > --------------------------------------------------------------------- > DESCRIPTION > --------------------------------------------------------------------- > > This module provides strong cryptography for the Apache 1.3 webserver via the > Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) > protocols by the help of the Open Source SSL/TLS toolkit OpenSSL, which is > based on SSLeay from Eric A. Young and Tim J. Hudson. > > The mod_ssl package was created in April 1998 by Ralf S. Engelschall and was > originally derived from software developed by Ben Laurie for use in the > Apache-SSL HTTP server project. The mod_ssl package is licensed under a > BSD-style license, which basically means that you are free to get and use it > for commercial and non-commercial purposes. > > > > --------------------------------------------------------------------- > VULNERABILITY > --------------------------------------------------------------------- > > The Apache web server provides an extended API (EAPI) to easily extended the > server with third-party modules, through various hooks called as needed. One > of these hooks, rewrite_command, is called right after a configuration > directive line was read and before it is processed. > > mod_ssl registers such a rewrite_command hook when backward compatibility is > enabled. The ssl_compat_directive() is called for every line read in a > configuration file. > > However, this function contains an off-by-one error in this code snippet : > > ... > char *cp; > char caCmd[1024]; > char *cpArgs; > ... > cp = (char *)oline; > for (i = 0; *cp != ' ' && *cp != '\t' && *cp != NUL && i < 1024; ) > ^^^^^^^^ > caCmd[i++] = *cp++; > caCmd[i] = NUL; > cpArgs = cp; > ... > > oline is a pointer to a line being parsed, and whoose content can be > arbitrary long, and controlled by untrusted users through ".htaccess" files. > > > > --------------------------------------------------------------------- > IMPACT > --------------------------------------------------------------------- > > Apart from global configuration files, Apache allows per-directory > configuration files. Therefore, the bug can be triggered by any regular user > through specially crafted ".htaccess" files. > > The stack can be smashed. Alexander Yurchenko <[EMAIL PROTECTED]> wrote a > proof of concept exploit for OpenBSD to demonstrate that arbitrary code could > be executed through ".htaccess" files. > > As noticed by Michal Zalewski <[EMAIL PROTECTED]>, you can cause an > overflow in every child running to force all of them do what you want. This > is way more dangerous than children forked for CGI execution. > > Possible implications include denial of service (by sending STOP signals to > every child), adding fake entries to every log file (not only those from the > virtualhost the .htaccess lies in), running arbitrary commands as the web > server user regardless of ExecCGI and suexec settings and spoofing replies. > > > > --------------------------------------------------------------------- > VULNERABLE SYSTEMS > --------------------------------------------------------------------- > > Any system running the Apache web server with mod_ssl compiled in, and the > "AllowOverride" directive not set to "None" for virtual hosts may be > vulnerable if virtual hosts are managed by untrusted users. > > Systems may be vulnerable even if no virtual host actually use SSL features, > as long as mod_ssl is compiled in. > > Apache 2.0 doesn't seem to ship this part of the mod_ssl source code and it > is therefore not vulnerable. > > mod_ssl compiled without backward compatibility is not vulnerable. However, > this feature is enabled by default. > > > > --------------------------------------------------------------------- > WORKAROUND > --------------------------------------------------------------------- > > Disallow per-directory configuration files by only having > "AllowOverride None" directives in your httpd.conf file, and restart the web > server. > > > > --------------------------------------------------------------------- > FIXES > --------------------------------------------------------------------- > > The mod_ssl development team was very reactive and a new version has just > been released. mod_ssl 2.8.10 addresses the vulnerability and it is > freely available from http://www.modssl.org/ . Upgrading from an earlier > release is painless. > > The bug has also been fixed in OpenBSD-current, thanks to fgsch. > > The following oneliner patch also addresses the problem : > > --- pkg.sslmod/ssl_engine_compat.c.orig Sat Feb 23 19:45:23 2002 > +++ pkg.sslmod/ssl_engine_compat.c Mon Jun 24 20:43:17 2002 > @@ -309,7 +309,7 @@ > * Extract directive name > */ > cp = (char *)oline; > - for (i = 0; *cp != ' ' && *cp != '\t' && *cp != NUL && i < 1024; ) > + for (i = 0; *cp != ' ' && *cp != '\t' && *cp != NUL && i < sizeof(caCmd) - 1; ) > caCmd[i++] = *cp++; > caCmd[i] = NUL; > cpArgs = cp; > > Best regards, > > -Frank. > > -- > __ /*- Frank DENIS (Jedi/Sector One) <[EMAIL PROTECTED]> -*\ __ > \ '/ <a href="http://www.PureFTPd.Org/"; target="_blank"> Secure FTP Server </a> > \' / > \/ <a href="http://www.Jedi.Claranet.Fr/"; target="_blank"> Misc. free software ></a> \/ > > ------------------------------ > > End of this Digest > ****************** > > -- > Raju Mathur [EMAIL PROTECTED] http://kandalaya.org/ > It is the mind that moves > > ================================================ > To subscribe, send email to [EMAIL PROTECTED] with subscribe in subject header > To unsubscribe, send email to [EMAIL PROTECTED] with unsubscribe in subject >header > Archives are available at http://www.mail-archive.com/ilugd%40wpaa.org > ================================================= > > -- __________________________________________________________ Sign-up for your own FREE Personalized E-mail at Mail.com http://www.mail.com/?sr=signup Save up to $160 by signing up for NetZero Platinum Internet service. http://www.netzero.net/?refcd=N2P0602NEP8 ================================================ To subscribe, send email to [EMAIL PROTECTED] with subscribe in subject header To unsubscribe, send email to [EMAIL PROTECTED] with unsubscribe in subject header Archives are available at http://www.mail-archive.com/ilugd%40wpaa.org =================================================
