DOES ANYBODY KNOW HOW TO CONFIGURE PPPOE SERVER

----- Original Message -----
From: "nikhil mehra" <[EMAIL PROTECTED]>
Date: Thu, 27 Jun 2002 03:43:23 -0500
To: [EMAIL PROTECTED]
Subject: Re: [ilugd]: (fwd) Apache mod_ssl off-by-one vulnerability

> Hi Raju,
> do u have an idea of how to configure a PPPOE server in linux. the client for this
> server can be linux or non linux based
>
> please help .. it is very urgent
> ----- Original Message -----
> From: Raju Mathur <[EMAIL PROTECTED]>
> Date: Thu, 27 Jun 2002 10:15:16 +0530
> To: [EMAIL PROTECTED], [EMAIL PROTECTED]
> Subject: [ilugd]: (fwd) Apache mod_ssl off-by-one vulnerability
>
> > [Phew, sure a big day for vulnerability reports! Please upgrade
> > mod_ssl in Apache if you have installed it (note: apparently mod_ssl
> > doesn't need to be enabled in a virtual host for your server to be
> > vulnerable) -- Raju]
> >
> > This is an RFC 1153 digest.
> > (1 message)
> > ----------------------------------------------------------------------
> >
> > Message-ID: <[EMAIL PROTECTED]>
> > From: Jedi/Sector One <[EMAIL PROTECTED]>
> > To: [EMAIL PROTECTED]
> > Subject: Apache mod_ssl off-by-one vulnerability
> > Date: Mon, 24 Jun 2002 22:46:47 +0159
> >
> >
> > Product: mod_ssl - http://www.modssl.org/
> > Date: 06/24/2002
> > Summary: Off-by-one in mod_ssl 2.4.9 and earlier
> > By: Frank Denis - [EMAIL PROTECTED]
> >
> >
> >
> > ---------------------------------------------------------------------
> > DESCRIPTION
> > ---------------------------------------------------------------------
> >
> > This module provides strong cryptography for the Apache 1.3 webserver via the
> > Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
> > protocols by the help of the Open Source SSL/TLS toolkit OpenSSL, which is
> > based on SSLeay from Eric A. Young and Tim J. Hudson.
> >
> > The mod_ssl package was created in April 1998 by Ralf S. Engelschall and was
> > originally derived from software developed by Ben Laurie for use in the
> > Apache-SSL HTTP server project. The mod_ssl package is licensed under a
> > BSD-style license, which basically means that you are free to get and use it
> > for commercial and non-commercial purposes.
> >
> >
> >
> > ---------------------------------------------------------------------
> > VULNERABILITY
> > ---------------------------------------------------------------------
> >
> > The Apache web server provides an extended API (EAPI) to easily extend the
> > server with third-party modules, through various hooks called as needed. One
> > of these hooks, rewrite_command, is called right after a configuration
> > directive line was read and before it is processed.
> >
> > mod_ssl registers such a rewrite_command hook when backward compatibility is
> > enabled. The ssl_compat_directive() is called for every line read in a
> > configuration file.
> >
> > However, this function contains an off-by-one error in this code snippet :
> >
> >     ...
> >     char *cp;
> >     char caCmd[1024];
> >     char *cpArgs;
> >     ...
> >     cp = (char *)oline;
> >     for (i = 0; *cp != ' ' && *cp != '\t' && *cp != NUL && i < 1024; )
> >                                                            ^^^^^^^^
> >         caCmd[i++] = *cp++;
> >     caCmd[i] = NUL;
> >     cpArgs = cp;
> >     ...
> >
> > oline is a pointer to a line being parsed, and whose content can be
> > arbitrarily long, and controlled by untrusted users through ".htaccess" files.
> >
> >
> >
> > ---------------------------------------------------------------------
> > IMPACT
> > ---------------------------------------------------------------------
> >
> > Apart from global configuration files, Apache allows per-directory
> > configuration files. Therefore, the bug can be triggered by any regular user
> > through specially crafted ".htaccess" files.
> >
> > The stack can be smashed. Alexander Yurchenko <[EMAIL PROTECTED]> wrote a
> > proof of concept exploit for OpenBSD to demonstrate that arbitrary code could
> > be executed through ".htaccess" files.
> >
> > As noticed by Michal Zalewski <[EMAIL PROTECTED]>, you can cause an
> > overflow in every child running to force all of them to do what you want. This
> > is way more dangerous than children forked for CGI execution.
> >
> > Possible implications include denial of service (by sending STOP signals to
> > every child), adding fake entries to every log file (not only those from the
> > virtualhost the .htaccess lies in), running arbitrary commands as the web
> > server user regardless of ExecCGI and suexec settings and spoofing replies.
> >
> >
> >
> > ---------------------------------------------------------------------
> > VULNERABLE SYSTEMS
> > ---------------------------------------------------------------------
> >
> > Any system running the Apache web server with mod_ssl compiled in, and the
> > "AllowOverride" directive not set to "None" for virtual hosts may be
> > vulnerable if virtual hosts are managed by untrusted users.
> >
> > Systems may be vulnerable even if no virtual host actually uses SSL features,
> > as long as mod_ssl is compiled in.
> >
> > Apache 2.0 doesn't seem to ship this part of the mod_ssl source code and it
> > is therefore not vulnerable.
> >
> > mod_ssl compiled without backward compatibility is not vulnerable. However,
> > this feature is enabled by default.
> >
> >
> >
> > ---------------------------------------------------------------------
> > WORKAROUND
> > ---------------------------------------------------------------------
> >
> > Disallow per-directory configuration files by only having
> > "AllowOverride None" directives in your httpd.conf file, and restart the web
> > server.
> >
> >
> >
> > ---------------------------------------------------------------------
> > FIXES
> > ---------------------------------------------------------------------
> >
> > The mod_ssl development team was very reactive and a new version has just
> > been released. mod_ssl 2.8.10 addresses the vulnerability and it is
> > freely available from http://www.modssl.org/ . Upgrading from an earlier
> > release is painless.
> >
> > The bug has also been fixed in OpenBSD-current, thanks to fgsch.
> >
> > The following oneliner patch also addresses the problem :
> >
> > --- pkg.sslmod/ssl_engine_compat.c.orig Sat Feb 23 19:45:23 2002 > > +++ pkg.sslmod/ssl_engine_compat.c Mon Jun 24 20:43:17 2002 
> > @@ -309,7 +309,7 @@ > > * Extract directive name > > */ > > cp = (char *)oline; > > - for (i = 0; *cp != ' ' && *cp != '\t' && *cp != NUL && i < 1024; ) > > + for (i = 0; *cp != ' ' && *cp != '\t' && *cp != NUL && i < sizeof(caCmd) - 1; >) > > caCmd[i++] = *cp++; > > caCmd[i] = NUL; > > cpArgs = cp;
> >
> > Best regards,
> >
> >       -Frank.
> >
> > --
> >  __  /*-  Frank DENIS (Jedi/Sector One) <[EMAIL PROTECTED]>  -*\  __
> >  \ '/   http://www.PureFTPd.Org/      Secure FTP Server      \' /
> >   \/    http://www.Jedi.Claranet.Fr/  Misc. free software     \/
> >
> > ------------------------------
> >
> > End of this Digest
> > ******************
> >
> > --
> > Raju Mathur [EMAIL PROTECTED] http://kandalaya.org/
> > It is the mind that moves
> >
> > ================================================
> > To subscribe, send email to [EMAIL PROTECTED] with subscribe in subject header
> > To unsubscribe, send email to [EMAIL PROTECTED] with unsubscribe in subject header
> > Archives are available at http://www.mail-archive.com/ilugd%40wpaa.org
> > =================================================
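
Review bot: On the changed for line, the new bound i < sizeof(caCmd) - 1 keeps the following caCmd[i] = NUL inside the array, but a directive name longer than the buffer is now silently truncated, and cpArgs = cp is then left pointing into the middle of the name, so the rest of the name is handed on as if it were the arguments. Consider checking after the loop whether *cp is still something other than ' ', '\t' or NUL and returning without rewriting the line in that case. The declaration of i is not visible in the hunk; if it is a signed int, the comparison against sizeof is a signed/unsigned one, and a size_t index or an explicit cast would make the intent clear.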
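
The off-by-one described in the advisory, as an added example that is not part of the original thread or of mod_ssl's source: the same copy loop is run with the original bound (1024) and with the patched bound (sizeof(caCmd) - 1) over a constructed over-long line. The function names, the guard-byte harness and the sample input are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define CMD_SIZE 1024            /* size of caCmd in the advisory */
#define NUL '\0'

/* Copy the directive name with the advisory's loop, taking the loop bound
 * as a parameter. Returns the index at which the terminator is written. */
static size_t extract_name(const char *oline, char *caCmd, size_t bound)
{
    const char *cp = oline;
    size_t i;

    for (i = 0; *cp != ' ' && *cp != '\t' && *cp != NUL && i < bound; )
        caCmd[i++] = *cp++;
    caCmd[i] = NUL;
    return i;
}

/* Run one bound against a constructed over-long line. The backing store has
 * guard bytes after the CMD_SIZE-byte logical buffer, so the stray write is
 * observable without undefined behaviour. Returns 1 if any byte at or past
 * index CMD_SIZE was modified. */
static int overruns(size_t bound)
{
    char line[CMD_SIZE * 2];
    char store[CMD_SIZE + 8];

    memset(line, 'A', sizeof line - 1);   /* constructed input: 2047 'A's */
    line[sizeof line - 1] = NUL;
    memset(store, 0x55, sizeof store);    /* guard pattern */

    extract_name(line, store, bound);
    for (size_t k = CMD_SIZE; k < sizeof store; k++)
        if (store[k] != 0x55)
            return 1;
    return 0;
}

int main(void)
{
    printf("bound 1024 (original):       overrun=%d\n", overruns(CMD_SIZE));
    printf("bound sizeof(caCmd)-1 (fix): overrun=%d\n", overruns(CMD_SIZE - 1));
    return 0;
}
```

With the original bound the loop fills all 1024 bytes and the terminator lands at index 1024, one byte past the array; with the patched bound it lands at index 1023.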