Re: [cobalt-security] Fw: blowchunks - protecting existing apache servers until upgrades arrive
- Subject: Re: [cobalt-security] Fw: blowchunks - protecting existing apache servers until upgrades arrive
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Sat, 22 Jun 2002 22:55:32 +0200
- Organization: SOLARSPEED.NET
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Rick,
> I've noticed that both
> /usr/sbin/httpd
> /usr/sbin/httpd.admsrv
> are compiled with DSO and mod_perl support - can anyone confirm that the
> below code attaches to apache as stated in the below post? This sounds
> like a perfect bandaid until we hear from Sun on the official patch.
>
> Anyone with a development server and 2 minutes?
Yep, when I saw it on bugtraq I tested it out right away. Works like a charm
on the RaQ4. Stops the attack dead in its tracks and logs the IP of the
attacker in /var/log/httpd/error.
I'm now applying the fix to all my production servers. I thought about
building a PKG around blowchunks.c, but heck: installing it is very easy:
/usr/sbin/apxs -i -a -c mod_blowchunks.c
Then open up /etc/httpd/conf/httpd.conf in an editor and change the line
LoadModule blowchunks_module lib/apache/mod_blowchunks.so
to
LoadModule blowchunks_module /usr/lib/apache/mod_blowchunks.so
and restart Apache:
/etc/rc.d/init.d/httpd start
Next is the Admin Server. There we only need to edit the config file to add
the support:
pico /etc/admserv/conf/httpd.conf
Add the following two lines:
LoadModule blowchunks_module /usr/lib/apache/mod_blowchunks.so
AddModule mod_blowchunks.c
Restart the Admin Server:
/etc/rc.d/init.d/admserv restart
That's it.
But beware: While blowchunks *might* offer some protection, it's not certain that
it protects you 100% of the way against this exploit.
And there are still the vulnerable mod_ssl and mod_perl in our Apaches. :o(
--
Mit freundlichen Grüßen / With best regards
Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer
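As an added example (not part of the original post or of blowchunks itself): a small POSIX shell helper that applies the config edits described in the mail idempotently to a given httpd.conf, so the same function can be run against /etc/httpd/conf/httpd.conf and /etc/admserv/conf/httpd.conf and re-run safely; the function names and the ".pre-blowchunks" backup suffix are my own choices.

```shell
#!/bin/sh
# ensure_blowchunks CONF
#  - rewrites the relative "lib/apache/mod_blowchunks.so" path that apxs -a
#    writes into the absolute path the mail uses (/usr/lib/apache/...)
#  - appends the LoadModule and AddModule lines only when they are missing,
#    so running it twice leaves exactly one copy of each
#  - keeps a backup copy of the untouched config for rollback
MOD_SO=/usr/lib/apache/mod_blowchunks.so   # path given in the mail

ensure_blowchunks() {
    conf=$1
    [ -f "$conf" ] || { echo "no such config: $conf" >&2; return 1; }
    cp "$conf" "$conf.pre-blowchunks"   # backup (suffix is an assumption)

    # fix the relative path apxs -a inserts into httpd.conf
    sed "s#^LoadModule blowchunks_module lib/apache/mod_blowchunks.so#LoadModule blowchunks_module $MOD_SO#" \
        "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"

    # add the two lines the admin server config needs, without duplicating
    grep -q "^LoadModule blowchunks_module $MOD_SO" "$conf" ||
        echo "LoadModule blowchunks_module $MOD_SO" >> "$conf"
    grep -q '^AddModule mod_blowchunks.c' "$conf" ||
        echo 'AddModule mod_blowchunks.c' >> "$conf"
}

# Number of lines mentioning the module; 2 means exactly one LoadModule
# and one AddModule line are present.
count_refs() { grep -c 'blowchunks' "$1"; }

# Usage on a RaQ (commented out so the helper can be sourced safely):
# ensure_blowchunks /etc/httpd/conf/httpd.conf
# ensure_blowchunks /etc/admserv/conf/httpd.conf
```

After running it, restart httpd and admserv as the mail describes and confirm the module is listed by checking the error log for the blowchunks entries on the next rejected request.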