Old 08-25-2011, 04:33 PM
 
Apache warns Web server admins of DoS attack tool

Anyone have any idea how soon RHEL and CentOS will be releasing the patch
package?

Excerpt:
Computerworld - Developers of the Apache open-source project today
warned users of the popular Web server software that a denial-of-service
(DoS) tool is circulating that exploits a bug in the program.

The tool, called "Apache Killer," showed up last Friday in a post to the
"Full Disclosure" security mailing list.

Today, the Apache project acknowledged the vulnerability that the attack
tool exploits, and said it would release a fix for Apache 2.0 and 2.2 in
the next 48 hours.
--- end excerpt ---

<http://www.computerworld.com/s/article/9219471/Apache_warns_Web_server_admins_of_DoS_attack_tool>

mark

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 08-25-2011, 04:35 PM
Karanbir Singh
 
Apache warns Web server admins of DoS attack tool

On 08/25/2011 05:33 PM, m.roth@5-cent.us wrote:
> Anyone have any idea how soon RHEL and CentOS will be releasing the patch
> package?

keep an eye on this:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3192#c5

- KB
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 08-25-2011, 04:43 PM
Dave Ihnat
 
Apache warns Web server admins of DoS attack tool

On Thu, Aug 25, 2011 at 12:33:45PM -0400, m.roth@5-cent.us wrote:
> Anyone have any idea how soon RHEL and CentOS will be releasing the patch
> package?

Nobody can, of course, which is why I immediately went to the advisory
and implemented the workaround documented there:

http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/browser

I implemented Option 1. Remember to make "headers.load" (or whatever is
necessary to load the headers_module) enabled.

Cheers,
--
Dave Ihnat
President, DMINET Consulting, Inc.
dihnat@dminet.com

 
Old 08-25-2011, 04:49 PM
Colin Coles
 
Apache warns Web server admins of DoS attack tool

On Thursday 25 Aug 2011, m.roth@5-cent.us wrote:
> Anyone have any idea how soon RHEL and CentOS will be releasing the patch
> package?
>
> Excerpt:
> Computerworld - Developers of the Apache open-source project today
> warned users of the popular Web server software that a denial-of-service
> (DoS) tool is circulating that exploits a bug in the program.
>
> The tool, called "Apache Killer," showed up last Friday in a post to the
> "Full Disclosure" security mailing list.
>
> Today, the Apache project acknowledged the vulnerability that the attack
> tool exploits, and said it would release a fix for Apache 2.0 and 2.2 in
> the next 48 hours.
> --- end excerpt ---
>
> <http://www.computerworld.com/s/article/9219471/Apache_warns_Web_server_admins_of_DoS_attack_tool>

There are some work-around suggestions here:
http://lwn.net/Articles/456268/

 
Old 08-25-2011, 06:14 PM
Paul Preston
 
Apache warns Web server admins of DoS attack tool

Hi Mark,

Denial of Service attacks are the easiest to perform. A simple script like the one below will kill most web servers (especially if they use keepalives). I would advise you to add the mod_security module to Apache.

while true; do wget <url> & done

You can go even further by adding a parameter with a random string at the end of url...

Kind Regards,

--
Paul Preston
Proxar IT Ltd. Registered in England and Wales: 6744401- VAT: 942985479
Tubs Hill House, London Road, Sevenoaks, Kent, TN13 1BL
Tel: (+44) 0844 809 4335
Fax: (+44) 01732 459 423
Mob: (+44) 077 9509 3450
Web: www.proxar.co.uk
Email: paul.preston@proxar.co.uk

 
Old 08-25-2011, 06:19 PM
Paul Preston
 
Apache warns Web server admins of DoS attack tool

Mark,

I have just had a look at the script and it's a simple tcp wrapper which opens multiple simultaneous connections...

Don't panic - it's a kiddie script... although it will be effective if you don't follow simple security rules. mod_security will handle it well, so again, add mod_security to your servers.

Kind Regards,

--
Paul Preston
Proxar IT Ltd. Registered in England and Wales: 6744401- VAT: 942985479
Tubs Hill House, London Road, Sevenoaks, Kent, TN13 1BL
Tel: (+44) 0844 809 4335
Fax: (+44) 01732 459 423
Mob: (+44) 077 9509 3450
Web: www.proxar.co.uk
Email: paul.preston@proxar.co.uk


 
Old 08-25-2011, 06:36 PM
 
Apache warns Web server admins of DoS attack tool

Paul,

Paul Preston wrote:
>
> I have just had a look at the script and it's a simple tcp wrapper which
> opens multiple simultaneous connections...
>
> Don't panic - it's a kiddie script... although it will be effective if you
> don't follow simple security rules. Mod_security will handle it well so
> again, add mod_security to your servers.
>
I know what a DoS is. As I'm partly responsible for a number of US gov't
webservers, I have to worry.

mark

 
Old 08-25-2011, 07:09 PM
Always Learning
 
Apache warns Web server admins of DoS attack tool

On Thu, 2011-08-25 at 12:33 -0400, m.roth@5-cent.us wrote:
> Anyone have any idea how soon RHEL and CentOS will be releasing the patch
> package?
>
> Excerpt:
> Computerworld - Developers of the Apache open-source project today
> warned users of the popular Web server software that a denial-of-service
> (DoS) tool is circulating that exploits a bug in the program.

> <http://www.computerworld.com/s/article/9219471/Apache_warns_Web_server_admins_of_DoS_attack_tool>
>
> There are some work-around suggestions here:
> http://lwn.net/Articles/456268/

Thanks Mark for the warning and also to Colin. I am sure CENTOS users
appreciate it. I certainly do.

The temporary fix is shown on several web sites as this, shown below,
added to Apache's conf file:-


# Drop the Range header when more than 5 ranges.
# CVE-2011-3192
SetEnvIf Range (,.*?){5,} bad-range=1
RequestHeader unset Range env=bad-range

# optional logging.
CustomLog logs/range-CVE-2011-3192.log common env=bad-range

I've done this in Apache's main conf file and restarted it. httpd
appears to be working normally on reliable CentOS 5.6.

It's great having a CentOS mailing list where concerned CentOS users can
post news about issues affecting other CentOS users, even if the posting
user accidentally forgets to mention which version of CentOS is
affected.

Have a nice day everyone.

Paul.




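To see exactly which requests the SetEnvIf/RequestHeader workaround quoted above would act on, here is an added Python example (not code from the thread or from the Apache project) that applies the same `(,.*?){5,}` pattern to a few constructed Range header values and, beside it, counts the syntactically valid byte-range-specs the way a strict parser would. The sample headers, the function names and the strict-count helper are all assumptions made for illustration.

```python
import re

# Constructed sample Range header values (not from the thread). The comments
# give the number of byte-range-specs and the number of commas in each.
SAMPLE_HEADERS = [
    "bytes=0-1",                            # 1 range,  0 commas
    "bytes=0-1,2-3,4-5,6-7,8-9",            # 5 ranges, 4 commas
    "bytes=0-1,2-3,4-5,6-7,8-9,10-11",      # 6 ranges, 5 commas
    "bytes=0-,1-,2-,3-,4-,5-,6-,7-",        # 8 overlapping ranges, 7 commas
    "bytes=0-5,,,,,",                       # 1 valid range, 5 commas (malformed)
]

# The pattern from the thread's SetEnvIf line. Apache evaluates it with PCRE;
# Python's re gives the same result for this lazy quantifier.
WORKAROUND_RE = re.compile(r"(,.*?){5,}")


def workaround_strips(range_value):
    """True when 'SetEnvIf Range (,.*?){5,} bad-range=1' would set the
    variable, so 'RequestHeader unset Range env=bad-range' would remove
    the header before the request is processed."""
    return WORKAROUND_RE.search(range_value) is not None


# One byte-range-spec: "first-last", "first-" or "-suffix" (RFC 2616 14.35.1).
BYTE_RANGE_SPEC = re.compile(r"^(\d+-\d*|-\d+)$")


def count_byte_ranges(range_value):
    """Count syntactically valid byte-range-specs in a 'bytes=' Range value.
    Returns None when the header does not use the bytes unit at all."""
    if not range_value.startswith("bytes="):
        return None
    specs = [s.strip() for s in range_value[len("bytes="):].split(",")]
    return sum(1 for s in specs if BYTE_RANGE_SPEC.match(s))


def classify(headers):
    """Map each header value to (stripped_by_workaround, valid_range_count)."""
    return {h: (workaround_strips(h), count_byte_ranges(h)) for h in headers}


if __name__ == "__main__":
    for hdr, (stripped, n) in classify(SAMPLE_HEADERS).items():
        print(f"{'DROP' if stripped else 'keep'}  valid_ranges={n}  Range: {hdr}")
```

Two things the comparison makes visible: the pattern keys on commas rather than on parsed ranges, so five ranges (four commas) pass and six are dropped, which matches the "more than 5 ranges" comment in the config; and a header made of empty or malformed specs is dropped as well, which is the safe direction for a mitigation. Because `RequestHeader unset` only removes the header, a request that trips the rule is still answered, as an ordinary full response instead of a partial one; the optional CustomLog line is where to count how often the rule fires on a given server.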
 
Old 08-25-2011, 08:31 PM
Kenneth Porter
 
Apache warns Web server admins of DoS attack tool

--On Thursday, August 25, 2011 9:09 PM +0100 Always Learning
<centos@u61.u22.net> wrote:

> The temporary fix is shown on several web sites as this, shown below,
> added to Apache's conf file:-

I try to minimize changes to main files. Presumably putting that code in a
separate file (eg. conf.d/RangeVulnerabilityWorkaround.conf) should work
equally well?


 
Old 08-25-2011, 08:45 PM
Always Learning
 
Apache warns Web server admins of DoS attack tool

On Thu, 2011-08-25 at 13:31 -0700, Kenneth Porter wrote:

> --On Thursday, August 25, 2011 9:09 PM +0100 Always Learning
> <centos@u61.u22.net> wrote:
>
> > The temporary fix is shown on several web sites as this, shown below,
> > added to Apache's conf file:-

> I try to minimize changes to main files. Presumably putting that code in a
> separate file (eg. conf.d/RangeVulnerabilityWorkaround.conf) should work
> equally well?

I have a different set-up but I believe your suggestion should work.

I have broken up the very large conf file (/etc/httpd/conf/httpd.conf)
into 3 main parts. Part 1 is left in situ. Parts 2 and 3 are located
elsewhere.

#-------------- Section 2: 'Main' server configuration -------------

Include /data/config/apache/server.conf

#--------------- Section 3: Virtual Hosts -------------------------

include /data/config/apache/domain.*

#----------------------------------------------------------------------


Paul.



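Kenneth's question about putting the workaround in a separate conf.d file, Dave's reminder that headers_module has to be loaded, and Paul's Include-based layout all come down to one check: after httpd expands every Include (including a lower-case `include` with a wildcard, as in Paul's layout), does it see both the LoadModule line and the workaround directives? The following Python script is an added example, not code from the thread, the Apache project or CentOS; it expands Include directives over a constructed in-memory copy of a config tree (paths, file contents and function names are all assumptions) and reports whether the workaround and the modules its directives depend on are in effect.

```python
import fnmatch
import posixpath

# Constructed stand-in for the files httpd would read on a CentOS host.
# Paths, contents and names are assumptions for this example, not the
# thread's own configuration.
SERVER_ROOT = "/etc/httpd"
ROOT_CONF = "/etc/httpd/conf/httpd.conf"
CONF_TREE = {
    ROOT_CONF: """\
ServerRoot "/etc/httpd"
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule headers_module modules/mod_headers.so
LoadModule log_config_module modules/mod_log_config.so
Include conf.d/*.conf
""",
    "/etc/httpd/conf.d/RangeVulnerabilityWorkaround.conf": """\
# Drop the Range header when more than 5 ranges.
# CVE-2011-3192
SetEnvIf Range (,.*?){5,} bad-range=1
RequestHeader unset Range env=bad-range
CustomLog logs/range-CVE-2011-3192.log common env=bad-range
""",
    "/etc/httpd/conf.d/ssl.conf": "Listen 443\n",
}


def effective_lines(path, tree, server_root=SERVER_ROOT, _stack=()):
    """Return the directive lines httpd would see for `path`, with every
    Include expanded in place. Wildcards are matched against the keys of
    `tree`; relative paths are resolved against ServerRoot."""
    if path in _stack:
        raise ValueError("Include loop at " + path)
    out = []
    for raw in tree[path].splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                       # skip blank lines and comments
        parts = line.split(None, 1)
        # Apache directive names are case-insensitive, so "include" works too.
        if parts[0].lower() == "include" and len(parts) == 2:
            pattern = parts[1].strip().strip('"')
            if not pattern.startswith("/"):
                pattern = posixpath.join(server_root, pattern)
            for match in sorted(p for p in tree if fnmatch.fnmatch(p, pattern)):
                out.extend(effective_lines(match, tree, server_root, _stack + (path,)))
            continue
        out.append(line)
    return out


def workaround_status(lines):
    """Report whether the Range workaround directives are present and
    whether the modules they need are loaded."""
    def loaded(module):
        return any(l.startswith("LoadModule ") and l.split()[1] == module for l in lines)
    return {
        "setenvif_rule":   any(l.startswith("SetEnvIf Range") for l in lines),
        "unset_range":     any(l.startswith("RequestHeader unset Range") for l in lines),
        "setenvif_module": loaded("setenvif_module"),   # SetEnvIf needs mod_setenvif
        "headers_module":  loaded("headers_module"),    # RequestHeader needs mod_headers
    }


def workaround_ready(tree, root_conf=ROOT_CONF):
    """Return (all prerequisites met?, per-item status) for a config tree."""
    status = workaround_status(effective_lines(root_conf, tree))
    return all(status.values()), status


if __name__ == "__main__":
    ready, status = workaround_ready(CONF_TREE)
    for item, ok in status.items():
        print(f"{'ok     ' if ok else 'MISSING'} {item}")
    print("workaround in effect:", ready)
```

The constructed tree mirrors the CentOS layout in which httpd.conf contains `Include conf.d/*.conf`, so a file dropped into conf.d is read without editing the main file, which answers Kenneth's question. Removing the `LoadModule headers_module` line from the tree reproduces the failure Dave warns about: SetEnvIf still parses, but RequestHeader becomes an unknown directive and httpd will refuse to start. On a live host, `httpd -t` performs the real syntax check and `httpd -M` lists the modules actually loaded.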