Hi Rick, > I've noticed that both > /usr/sbin/httpd > /usr/sbin/httpd.admsrv > are compiled with DSO and mod_perl supprort - can anyone confirm that the > below code attaches to apache as stated in the below post? This sounds > like a perfect bandaid until we here from sun on the officialy patch. > > Anyone with a development server and 2 minutes?
Yepp, when I saw it on bugtraq I tested it out right away. Works like a charm on the RaQ4. Stops the attack dead in its tracks and logs the IP of the attacker in /var/log/httpd/error I'm now applying the fix to all my productive servers. I thought about building a PKG around blowchunks.c, but heck: Installing it is very easy: /usr/sbin/apxs -i -a -c mod_blowchunks.c Then open up /etc/httpd/conf/httpd.conf in an editor and change the line ... LoadModule blowchunks_module lib/apache/mod_blowchunks.so .... to ... LoadModule blowchunks_module /usr/lib/apache/mod_blowchunks.so and restart Apache: /etc/rc.d/init.d/httpd start Next is the Admin Server. There we only need to edit the config file to add the support: pico /etc/admserv/conf/httpd.conf Add the following two lines: LoadModule blowchunks_module /usr/lib/apache/mod_blowchunks.so AddModule mod_blowchunks.c Restart the Admin Server: /etc/rc.d/init.d/admserv restart That's it. But beware: While blowchunks *might* offer some protection it's not sure that it does protect you 100% all the way agains this exploit. And there are still the vulnerable mod_ssl and mod_perl in our Apaches. :o( -- Mit freundlichen Gr��en / With best regards Michael Stauber [EMAIL PROTECTED] Unix/Linux Support Engineer _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
