[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] Denial of Service Update 2.5

Subject: [cobalt-security] Denial of Service Update 2.5
From: Rod Todd <rodd_todd_1999@xxxxxxxxx>
Date: Tue, 10 Oct 2000 11:31:08 -0700 (PDT)
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hello, just wanted to verify the following claim and
reason to upgrade to their package which affects MIPS
based Cobalts:

>Qube2-Security-2.5-brosoft.pkg
>
>Security: Denial of Service Update 2.5 This security
>update fixes a denial of service(DoS) attack problem
>with Apache. Using a bug in the HTTP headers, anyone
>can call certain urls, that will result in Apache
>1.3.3 consuming all system resources. This DoS attack
>can affect any Apache 1.3.3 web server. Applies only
>to Apache 1.3.3, Apache 1.3.1 is not vulnerable to
>this type of attack. Installing this update will
>eliminate the vulnerability to DoS attack. 
>This package is based on Cobalt Networks package but
>only updates the Web-server not the adminserver as
>the one we deliver is based on 1.3.4 and not
>vulnerable to this DoS problem. 

Also, anyone use Brosoft's secure Admin; does it still
protect the popup windows that ask for passwords?
Cheers,
RT





__________________________________________________
Do You Yahoo!?
Get Yahoo! Mail - Free email you can access from anywhere!
http://mail.yahoo.com/

Prev by Date: [cobalt-security] Secure way to backup MIPS machines with SMB
Next by Date: Re: [cobalt-security] Secure way to backup MIPS machines with SMB
Previous by thread: Re: [cobalt-security] Secure way to backup MIPS machines with SMB
Next by thread: [cobalt-security] Denial of Service Update 2.5

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index