[Info-vax] 'Kill tool' released for unpatched Apache server vulnerability

John Nebel john.nebel at csdco.com
Thu Aug 25 12:45:59 EDT 2011


As <http://labs.hoffmanlabs.com/node/1767> indicates, even with 
mod_deflate shut off, the exploit will affect OpenVMS.

[root at arethusa ~]# ./kill_apache.pl www.whatever.com
host seems vuln
ATTACKING whatever [using 500 forks]

If one adds these to httpd.conf

LoadModule headers_module       modules/mod_headers.exe
RequestHeader unset Range

[root at arethusa ~]# ./kill_apache.pl www.whatever.com
Host does not seem vulnerable

SWS 2.2 update 1 and 2.1-1 update 2

John

On 8/25/11 7:49 AM, Craig A. Berry wrote:
>
>
> Craig A. Berry wrote:
>>
>>
>> Neil Rieck wrote:
>>> Just cross posting here:
>>>
>>> 'Kill tool' released for unpatched Apache server vulnerability:
>>>
>>> http://www.zdnet.com/blog/security/kill-tool-released-for-unpatched-apache-server-vulnerability/9304?tag=nl.e589
>>>
>>>
>>> quote: A patch or new apache release for Apache 2.0 and 2.2 is
>>> expected later this week
>>>
>>> Does anyone know if this affects the OpenVMS flavor of Apache? IIRC,
>>> SWS Version 2.2 is based on Apache 2.0.63
>>
>> It says it requires the use of mod_deflate.
>
> But it doesn't. At least I could easily bring my SWS instance to its
> knees even though I don't have mod_deflate enabled. For details see:
>
> <http://labs.hoffmanlabs.com/node/1767>
>
> It may be that my little old XP1000 simply can't handle that many
> requests (even valid ones) and it has nothing to do with the range
> header vulnerability. Or it may be that mod_deflate doesn't have as much
> to do with the vulnerability as the initial analysis indicated. In any
> case, folks running Apache should assume they are vulnerable until
> proven otherwise, regardless of platform.
> _______________________________________________
> Info-vax mailing list
> Info-vax at rbnsn.com
> http://rbnsn.com/mailman/listinfo/info-vax_rbnsn.com
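A defender-side variant of the httpd.conf change above, added here as an example and not part of John's post or of SWS: rather than unsetting every Range header (which also breaks legitimate resumable downloads), it parses the header and drops only values with an abusive number of byte ranges or with overlapping ranges. The MAX_RANGES threshold, the helper names and the sample requests are constructed for this example.

```python
import re
from typing import Dict, List, Optional, Tuple

MAX_RANGES = 5  # assumed threshold for this example; the post does not state one
_BYTES_RE = re.compile(r"^\s*bytes\s*=\s*(.+?)\s*$", re.IGNORECASE)


def parse_byte_ranges(value: str) -> Optional[List[Tuple[Optional[int], Optional[int]]]]:
    """Parse 'bytes=0-99,200-,-500' into (first, last) pairs; None if malformed."""
    m = _BYTES_RE.match(value)
    if not m:
        return None
    ranges = []
    for spec in m.group(1).split(","):
        first, sep, last = spec.strip().partition("-")
        if not sep or (not first and not last):
            return None
        if (first and not first.isdigit()) or (last and not last.isdigit()):
            return None
        lo, hi = (int(first) if first else None), (int(last) if last else None)
        if lo is not None and hi is not None and lo > hi:
            return None  # RFC 2616: last-byte-pos below first-byte-pos is invalid
        ranges.append((lo, hi))
    return ranges


def is_abusive_range(value: str, max_ranges: int = MAX_RANGES) -> bool:
    """True when the header requests too many ranges or overlapping ones."""
    ranges = parse_byte_ranges(value)
    if ranges is None:  # malformed: the server ignores it, nothing to amplify
        return False
    if len(ranges) > max_ranges:
        return True
    # Overlapping ranges have no legitimate use; walk them in start order,
    # skipping suffix ranges ('-N'), which carry no explicit start offset.
    seen_end = -1
    for lo, hi in sorted((r for r in ranges if r[0] is not None), key=lambda r: r[0]):
        if lo <= seen_end:
            return True
        seen_end = hi if hi is not None else float("inf")
    return False


def filter_headers(headers: Dict[str, str]) -> Dict[str, str]:
    """Like the post's 'RequestHeader unset Range', but only for abusive values."""
    return {k: v for k, v in headers.items()
            if not (k.lower() == "range" and is_abusive_range(v))}


if __name__ == "__main__":  # constructed sample requests, not captured traffic
    for rng in ("bytes=0-1023", "bytes=0-99,50-149", "bytes=0-,0-0,0-1,0-2,0-3,0-4,0-5"):
        print(rng, "->", filter_headers({"Host": "www.whatever.com", "Range": rng}))
```

In a deployment the same decision would sit in a front-end proxy or a request filter ahead of the SWS instance; the single-range and non-overlapping multi-range requests pass through unchanged.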