[cobalt-security] RaQ-Blowchunks-Module.PKG available

[Michael Stauber <cobalt@xxxxxxxxxxxxxx>]

Hi all,

Mr. Chris Bailiff has released a perl script and an Apache module on Bugtraq 
with which "chunked encoding" attacks against Apache webservers can be 
stopped and logged:

http://online.securityfocus.com/archive/1/278281/2002-06-19/2002-06-25/0

Please note: It's not certain that this Apache module will stop *all* chunked 
encoding attacks agains Apache.

However, my personal opinion is that although it might offer no 100% 
protection it's certainly better than nothing. At least until SUN/Cobalt 
releases an official patch which addresses the problem. 

I put a quick and dirty PKG file for the RaQs (2/3/4) together which will 
install the Apache module and will make changes in /etc/httpd/conf/httpd.conf 
and /etc/admserv/conf/httpd.conf so that both Apache webservers on your RaQ 
utilize the module.

The PKG was tested on a RaQ3 and two RaQ4's and installed without problem. It 
*should* work on the RaQ2's, too, but I can't yet confirm that. Any 
volunteers for that?

If the install fails and your Apache(s) stop responding, then you can and 
should copy your old config files back to revert the changes:

As root:

cp /etc/httpd/conf/httpd.conf.bak /etc/httpd/conf/httpd.conf
cp /etc/admserv/conf/httpd.conf.bak /etc/admserv/conf/httpd.conf

.. and then restart the Apaches:

/etc/rc.d/init.d/admserv restart
/etc/rc.d/init.d/httpd restart

All credits go to Mr. Chris Bailiff. I'm just the packager. Send praise for 
the module to him and complains about the PKG to me. ;o)

The PKG is available for download here:

http://www.solarspeed.net/downloads.html

Reboot Required: No
Sends registration email: No

-- 

Mit freundlichen Grüßen / With best regards

Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer