[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Fw: blowchunks - protecting existing apache servers until upgrades arrive

Subject: Re: [cobalt-security] Fw: blowchunks - protecting existing apache servers until upgrades arrive
From: "Rick Garcia" <rick@xxxxxxxxxxxxxx>
Date: Sat, 22 Jun 2002 14:27:29 -0700
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Thanks for the detailed instructions Michael.  I understand the
vulnerability still exists, however, I feel that this approach is certainly
better than nothing from the sounds of it... generalcuster.exe -

Worked like a charm.

Rick Garcia

----- Original Message -----
From: "Michael Stauber" <cobalt@xxxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Saturday, June 22, 2002 1:55 PM
Subject: Re: [cobalt-security] Fw: blowchunks - protecting existing apache
servers until upgrades arrive


> Hi Rick,
>
> > I've noticed that both
> > /usr/sbin/httpd
> > /usr/sbin/httpd.admsrv
> > are compiled with DSO and mod_perl supprort - can anyone confirm that
the
> > below code attaches to apache as stated in the below post?  This sounds
> > like a perfect bandaid until we here from sun on the officialy patch.
> >
> > Anyone with a development server and 2 minutes?
>
> Yepp, when I saw it on bugtraq I tested it out right away. Works like a
charm
> on the RaQ4. Stops the attack dead in its tracks and logs the IP of the
> attacker in /var/log/httpd/error
>
> I'm now applying the fix to all my productive servers. I thought about
> building a PKG around blowchunks.c, but heck: Installing it is very easy:
>
> /usr/sbin/apxs -i -a -c mod_blowchunks.c
>
> Then open up /etc/httpd/conf/httpd.conf in an editor and change the line
...
>
> LoadModule blowchunks_module  lib/apache/mod_blowchunks.so
>
> .... to ...
>
> LoadModule blowchunks_module  /usr/lib/apache/mod_blowchunks.so
>
> and restart Apache:
>
> /etc/rc.d/init.d/httpd start
>
> Next is the Admin Server. There we only need to edit the config file to
add
> the support:
>
> pico /etc/admserv/conf/httpd.conf
>
> Add the following two lines:
>
> LoadModule blowchunks_module  /usr/lib/apache/mod_blowchunks.so
> AddModule mod_blowchunks.c
>
> Restart the Admin Server:
>
> /etc/rc.d/init.d/admserv restart
>
> That's it.
>
> But beware: While blowchunks *might* offer some protection it's not sure
that
> it does protect you 100% all the way agains this exploit.
>
> And there are still the vulnerable mod_ssl and mod_perl in our Apaches.
:o(
>
> --
>
> Mit freundlichen Grüßen / With best regards
>
> Michael Stauber
> mstauber@xxxxxxxxxxxxxx
> Unix/Linux Support Engineer
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>

Follow-Ups:
- Re: [cobalt-security] Fw: blowchunks - protecting existing apache servers until upgrades arrive
  - From: Michael Stauber

References:
- [cobalt-security] Fw: blowchunks - protecting existing apache servers until upgrades arrive
  - From: Rick Garcia
- Re: [cobalt-security] Fw: blowchunks - protecting existing apache servers until upgrades arrive
  - From: Michael Stauber

Prev by Date: Re: [cobalt-security] Fw: blowchunks - protecting existing apache servers until upgrades arrive
Next by Date: Re: [cobalt-security] Fw: blowchunks - protecting existing apache servers until upgrades arrive
Previous by thread: Re: [cobalt-security] Fw: blowchunks - protecting existing apache servers until upgrades arrive
Next by thread: Re: [cobalt-security] Fw: blowchunks - protecting existing apache servers until upgrades arrive

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index