[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] problem with RaQ4-All-Security-1.0.1-10602 update

Subject: Re: [cobalt-security] problem with RaQ4-All-Security-1.0.1-10602 update
From: John Brock <john.brock@xxxxxxx>
Date: Thu, 23 Aug 2001 11:42:43 -0700
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Jeff Lovell is correct in that this Apache 1.3.20 patch only affects
those customers that have installed the Chili!Soft ASP 3.6 patch.

The "Quickest" solution to Apache not starting after applying the Apache
1.3.20 patch, is to disable the ASP completely.  This will, of course,
not allow you to run asp pages from this server until we can get a fix
out that solves the problem.

Here are the steps for getting the ASP out of the Apache configuration:

1)  Telnet to the machine and su to root.
2)  Open the httpd.conf file in an editor and do the following:

	comment out LoadModule for ASP (this line loads a module called
mod_casp2.so)
	comment out AddModule for ASP  (this line loads a module called
mod_casp2.c)

3)  Save the httpd.conf file
4)  Open the srm.conf file in an editor and do the following:

	comment out CaspLib

5)  Save the srm.conf file.
6)  Start the Apache server.

The reason that all of this is happening is that the Chili!Soft ASP 3.6
PKG contains a mod_casp2.so module that is compiled against the Apache
1.3.12 header files.  When the Apache 1.3.20 patch is installed, it also
installs a newly compiled mod_casp2.so file for Chili!Soft ASP 3.5.2. 
This is why the 3.5.2 customers are not affected.  Chili!Soft will be
developing a new mod_casp2.so file for version 3.6 that is compiled
against this Apache 1.3.20 version, making it available to all affected
customers as quickly as possible.

--jb

mark wrote:
> 
> I downloaded and tried to install the apache update 1.0.1, the install said
> that everything went fine.  However httpd suddenly stopped working.  I tried
> doing an /etc/rc.d/init.d/httpd restart  and even a reboot, but nothing
> works.  I can't get the admin pages to show, so I have no access to admin web
> gui.  Also none of the web pages are working.  When I start apache manually I
> get this error:
> 
> Setting up Web Services: chiliasp: Failed to open libcasp2ap.so
> Check your LD_LIBRARY_PATH environment variable
> /usr/sbin/httpd
> 
> When I do a ps -aux |grep httpd
> nothing is listed.  I do a netstat -a and nothing shows up for port 80 or 81
> 
> However for some reason this has not affected the chiliasp server from
> running. both asp-apache-3000 and asp-admin-5100 run just fine.
> 
> I tried to do use the RaQ4-All-Security-1.0.1-10602-1.0.1-10602.uninst script
> to downgrade apache, but this seems to have no effect.
> 
> I try reinstalling the upgrade and it says the install script fails.
> Currently I'm in limbo land.  Does anyone have a similar problem or a fix?
> 
> mark
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security

-- 
John "JB" Brock
The Cook
Chili!Soft Product Management Team
Sun Microsystems

Follow-Ups:
- Re: [cobalt-security] problem with RaQ4-All-Security-1.0.1-10602 update
  - From: mark

References:
- [cobalt-security] problem with RaQ4-All-Security-1.0.1-10602 update
  - From: mark

Prev by Date: Re: [cobalt-security] *ALERT* UPDATED BID 3163 (URGENCY 6.58): Sendmail Debugger Arbitrary Code Execution Vulnerability (fwd)
Next by Date: RE: [cobalt-security] problem with RaQ4-All-Security-1.0.1-10602 update
Previous by thread: [cobalt-security] problem with RaQ4-All-Security-1.0.1-10602 update
Next by thread: Re: [cobalt-security] problem with RaQ4-All-Security-1.0.1-10602 update

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index