Thanks for the detailed instructions Michael. I understand the vulnerability still exists, however, I feel that this approach is certainly better than nothing from the sounds of it...

generalcuster.exe - Worked like a charm.

Rick Garcia

----- Original Message -----
From: "Michael Stauber" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, June 22, 2002 1:55 PM
Subject: Re: [cobalt-security] Fw: blowchunks - protecting existing apache servers until upgrades arrive

> Hi Rick,
>
> > I've noticed that both
> > /usr/sbin/httpd
> > /usr/sbin/httpd.admsrv
> > are compiled with DSO and mod_perl support - can anyone confirm that the
> > below code attaches to apache as stated in the below post? This sounds
> > like a perfect bandaid until we hear from sun on the official patch.
> >
> > Anyone with a development server and 2 minutes?
>
> Yepp, when I saw it on bugtraq I tested it out right away. Works like a charm
> on the RaQ4. Stops the attack dead in its tracks and logs the IP of the
> attacker in /var/log/httpd/error
>
> I'm now applying the fix to all my productive servers. I thought about
> building a PKG around blowchunks.c, but heck: Installing it is very easy:
>
> /usr/sbin/apxs -i -a -c mod_blowchunks.c
>
> Then open up /etc/httpd/conf/httpd.conf in an editor and change the line ...
>
> LoadModule blowchunks_module lib/apache/mod_blowchunks.so
>
> .... to ...
>
> LoadModule blowchunks_module /usr/lib/apache/mod_blowchunks.so
>
> and restart Apache:
>
> /etc/rc.d/init.d/httpd start
>
> Next is the Admin Server. There we only need to edit the config file to add
> the support:
>
> pico /etc/admserv/conf/httpd.conf
>
> Add the following two lines:
>
> LoadModule blowchunks_module /usr/lib/apache/mod_blowchunks.so
> AddModule mod_blowchunks.c
>
> Restart the Admin Server:
>
> /etc/rc.d/init.d/admserv restart
>
> That's it.
>
> But beware: While blowchunks *might* offer some protection it's not sure that
> it does protect you 100% all the way against this exploit.
>
> And there are still the vulnerable mod_ssl and mod_perl in our Apaches.
> :o(
>
> --
>
> Mit freundlichen Grüßen / With best regards
>
> Michael Stauber
> [EMAIL PROTECTED]
> Unix/Linux Support Engineer
>
> _______________________________________________
> cobalt-security mailing list
> [EMAIL PROTECTED]
> http://list.cobalt.com/mailman/listinfo/cobalt-security
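
A check for the result of the steps in the quoted message, as an added example that is not part of the thread: it flags a config whose LoadModule line still carries the relative path, or that has no active AddModule line for the module. The function name `check_blowchunks_conf` and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an Apache config for the mod_blowchunks directives.
# check_blowchunks_conf FILE -> exit status is the number of problems found.
check_blowchunks_conf() {
    conf=$1
    problems=0
    [ -r "$conf" ] || { echo "$conf: not readable"; return 1; }

    # First active (uncommented) LoadModule line; field 3 is the module path.
    path=$(awk '$1 == "LoadModule" && $2 == "blowchunks_module" { print $3; exit }' "$conf")
    case $path in
        "") echo "$conf: no active LoadModule blowchunks_module line"
            problems=$((problems + 1)) ;;
        /*) echo "$conf: LoadModule uses absolute path $path" ;;
        *)  echo "$conf: LoadModule path '$path' is relative, expected absolute"
            problems=$((problems + 1)) ;;
    esac

    # Active AddModule line that names mod_blowchunks.c.
    if ! awk '$1 == "AddModule" { for (i = 2; i <= NF; i++) if ($i == "mod_blowchunks.c") found = 1 }
              END { exit !found }' "$conf"; then
        echo "$conf: no active AddModule mod_blowchunks.c line"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample configs (not real server files), one per case.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'LoadModule blowchunks_module lib/apache/mod_blowchunks.so' \
        'AddModule mod_blowchunks.c' > "$dir/relative.conf"
    printf '%s\n' 'LoadModule blowchunks_module /usr/lib/apache/mod_blowchunks.so' \
        'AddModule mod_blowchunks.c' > "$dir/fixed.conf"
    printf '%s\n' '#LoadModule blowchunks_module /usr/lib/apache/mod_blowchunks.so' \
        > "$dir/disabled.conf"
    for name in relative fixed disabled; do
        check_blowchunks_conf "$dir/$name.conf" || echo "  -> $? problem(s)"
    done
    rm -rf "$dir"
}
demo
```

On a live server the function would be pointed at /etc/httpd/conf/httpd.conf and /etc/admserv/conf/httpd.conf, the two files named in the message.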
