[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] Denial of Service Update 2.5
- Subject: [cobalt-security] Denial of Service Update 2.5
- From: Rod Todd <rodd_todd_1999@xxxxxxxxx>
- Date: Tue, 10 Oct 2000 11:31:08 -0700 (PDT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hello, just wanted to verify the following claim and
reason to upgrade to their package which affects MIPS
based Cobalts:
>Qube2-Security-2.5-brosoft.pkg
>
>Security: Denial of Service Update 2.5 This security
>update fixes a denial of service(DoS) attack problem
>with Apache. Using a bug in the HTTP headers, anyone
>can call certain urls, that will result in Apache
>1.3.3 consuming all system resources. This DoS attack
>can affect any Apache 1.3.3 web server. Applies only
>to Apache 1.3.3, Apache 1.3.1 is not vulnerable to
>this type of attack. Installing this update will
>eliminate the vulnerability to DoS attack.
>This package is based on Cobalt Networks package but
>only updates the Web-server not the adminserver as
>the one we deliver is based on 1.3.4 and not
>vulnerable to this DoS problem.
Also, anyone use Brosoft's secure Admin; does it still
protect the popup windows that ask for passwords?
Cheers,
RT
__________________________________________________
Do You Yahoo!?
Get Yahoo! Mail - Free email you can access from anywhere!
http://mail.yahoo.com/