On Mon, 18 Aug 2003, at 12:34am, [EMAIL PROTECTED] wrote:
> Elaborate, please.

I am running the latest RH release of apache. I was unaware of the
security patch back-porting that distros do. I have been having a tough
time pinpointing the source of my problems. First I should explain the
situation: my webserver is 50 miles away from me and I have all remote
access disabled other than ftp, so once a week I get physical access to
it to do updates. Yesterday without warning my apache just crashed and
started giving me this:

    Bad request!

    Your browser (or proxy) sent a request that this server could not
    understand.

    If you think this is a server error, please contact the webmaster

    Error 400

    www.mydomain.com
    Mon 18 Aug 2003 07:30:34 AM EDT
    Apache/2.0.40 (Red Hat Linux)

I won't have a chance to look at the logs until tomorrow; when I do, I
may be able to pinpoint the request that caused the crash. I think I may
finally break down and set up ssh and sftp.

Thanks,
-Greg

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Monday, August 18, 2003 1:37 AM
To: Greater NH Linux User Group
Subject: Re: Is Raw Hide Apache RPM stable with RH 9?

On Mon, 18 Aug 2003, at 12:34am, [EMAIL PROTECTED] wrote:
> My Apache 2.0.40 / RH 9 Web server seems to have been getting DoS'd more
> frequently as of late.

  Elaborate, please.

> I thought I had the most recent packages installed, but it turns out the
> latest RPM redhat has released was for 2.0.40 ...

  Keep in mind that Red Hat, like many (most?) distro vendors, backports
security fixes into their production releases. That helps reduce the scope
of the changes that need to be made. Also keep in mind that bugs may be
discovered in Apache that only affect certain configurations, and Red Hat's
packages may be configured in such a way that they are not affected.

  That being said...

  It appears that the current Red Hat production release for RHL 9 is
2.0.40-21.3.
From the information in the RHSA-2003:186-06 advisory[1], I conclude
that release contains fixes up through Apache httpd 2.0.46, but no later.
The Apache website[2] leads me to believe that several vulnerabilities are
present in 2.0.46 which Red Hat release 2.0.40-21.3 might be vulnerable to.

  *That* being said...

  CAN-2003-0192 - It appears this would only affect you if you are using
the "SSLCipherSuite" directive, and the worst exposure would be a weaker
SSL cipher being chosen.

  CAN-2003-0254 - It appears this would only affect you if you are using
Apache as an HTTP proxy, and connecting to an IPv6 FTP site via said proxy.

  CAN-2003-0253 - It appears this would only affect you if you have
multiple listening sockets configured in Apache. [3]

  VU#379828 - I could not find any documentation on this issue. Even the
CERT Vulnerability database does not have that VU# on file (not publicly,
anyway). Thus, I cannot make an analysis.

  All in all, I would say running the latest RHL 9 production release
should be safe, EXCEPT for the VU#379828 mystery bug. What little
information I could find on that one certainly makes it sound like it would
be exploitable for DoS.

Footnotes
---------
[1] https://rhn.redhat.com/errata/RHSA-2003-186.html
[2] http://www.apache.org/dist/httpd/Announcement2.html
[3] http://www.apacheweek.com/features/security-20

-- 
Ben Scott <[EMAIL PROTECTED]>
| The opinions expressed in this message are those of the author and do  |
| not represent the views or policy of any other person or organization. |
| All information is provided without warranty of any kind.              |

_______________________________________________
gnhlug-discuss mailing list
[EMAIL PROTECTED]
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
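
The per-issue conditions in Ben Scott's message above can be checked mechanically against a server's configuration. The following is an added example, not part of the original thread: it reports whether each condition he names is present in an httpd.conf, which says nothing about whether the installed package already carries the fix. The sample configuration is constructed, and the directive heuristics (especially for the proxy case) are assumptions of this example.

```python
import re

# Constructed sample httpd.conf (not from the original thread).
SAMPLE_CONF = """\
Listen 80
Listen 443
LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
ProxyRequests On
<VirtualHost _default_:443>
    SSLEngine on
    SSLCipherSuite HIGH:MEDIUM
</VirtualHost>
"""

def active_directives(conf_text):
    """Return (lowercased name, argument string) for each active directive."""
    joined = re.sub(r"\\\r?\n", " ", conf_text)  # join backslash-continued lines
    found = []
    for line in joined.splitlines():
        line = line.strip()
        # Skip blanks, comments and container tags such as <VirtualHost ...>
        if not line or line[0] in "#<":
            continue
        parts = line.split(None, 1)
        found.append((parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""))
    return found

def assess(conf_text):
    """Map each CAN id to True when the condition the message names is present."""
    d = active_directives(conf_text)
    listens = {a for n, a in d if n == "listen"}
    forward_proxy = any(n == "proxyrequests" and a.lower() == "on" for n, a in d)
    ftp_module = any(n == "loadmodule" and a.split()[:1] == ["proxy_ftp_module"]
                     for n, a in d)
    return {
        # Message: only matters if the SSLCipherSuite directive is used
        "CAN-2003-0192": any(n == "sslciphersuite" for n, _ in d),
        # Message: only if Apache proxies to an IPv6 FTP site (assumed heuristic:
        # forward proxying enabled AND the FTP proxy module loaded)
        "CAN-2003-0254": forward_proxy and ftp_module,
        # Message: only with multiple listening sockets configured
        "CAN-2003-0253": len(listens) > 1,
    }

if __name__ == "__main__":
    for cve, present in assess(SAMPLE_CONF).items():
        print(cve, "condition present" if present else "condition absent")
```

Files pulled in through Include directives are not followed, so each included file has to be passed through `assess` as well.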
