Hi all,

Mr. Chris Bailiff has released a Perl script and an Apache module on Bugtraq with which "chunked encoding" attacks against Apache webservers can be stopped and logged:

http://online.securityfocus.com/archive/1/278281/2002-06-19/2002-06-25/0

Please note: It's not certain that this Apache module will stop *all* chunked encoding attacks against Apache. However, my personal opinion is that although it might offer no 100% protection it's certainly better than nothing. At least until SUN/Cobalt releases an official patch which addresses the problem.

I put a quick and dirty PKG file for the RaQs (2/3/4) together which will install the Apache module and will make changes in /etc/httpd/conf/httpd.conf and /etc/admserv/conf/httpd.conf so that both Apache webservers on your RaQ utilize the module.

The PKG was tested on a RaQ3 and two RaQ4's and installed without problem. It *should* work on the RaQ2's, too, but I can't yet confirm that. Any volunteers for that?

If the install fails and your Apache(s) stop responding, then you can and should copy your old config files back to revert the changes:

As root:

    cp /etc/httpd/conf/httpd.conf.bak /etc/httpd/conf/httpd.conf
    cp /etc/admserv/conf/httpd.conf.bak /etc/admserv/conf/httpd.conf

.. and then restart the Apaches:

    /etc/rc.d/init.d/admserv restart
    /etc/rc.d/init.d/httpd restart

All credits go to Mr. Chris Bailiff. I'm just the packager. Send praise for the module to him and complaints about the PKG to me. ;o)

The PKG is available for download here:

http://www.solarspeed.net/downloads.html

Reboot Required: No
Sends registration email: No

--
Mit freundlichen Grüßen / With best regards

Michael Stauber
[EMAIL PROTECTED]
Unix/Linux Support Engineer
