Re: [bitfolk] The perils of opening tcp/22 to the Internet

Author: Duane at e164 dot org
Date:  
Subject: Re: [bitfolk] The perils of opening tcp/22 to the Internet
ut the mailing list address in my address book), so
please consider passing this on.

Yesterday a nasty Apache DoS vuln was released. So far all versions of
Apache are affected by this. Here are some advisories:

RedHat:

https://bugzilla.redhat.com/show_bug.cgi?id=732928

Debian:

https://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3C20110824161640.122D387DD@???%3E

While I have not managed to work out a mitigation strategy for
Ubuntu/Debian servers, the following works rather nicely on RHEL5 and
RHEL6 (so could be good to go for CentOS too):

Create /etc/httpd/conf.d/setenvif.conf with the following:

<IfModule mod_setenvif.c>
          # Drop the Range header when more than 5 ranges.
          # CVE-2011-3192
          SetEnvIf Range (,.*?){5,} bad-range=1
          RequestHeader unset Range env=bad-range


          # optional logging.
          CustomLog /your/log/dir/range-CVE-2011-3192.log common env=bad-range
</IfModule>


Restart apache

That should do it nicely! :-)

More reading here:
http://eromang.zataz.com/2011/08/24/cve-2011-3192-apache-httpd-killer-remote-denial-of-service/

Please pass on to the Bitfolk community at your discretion.

-- 
Regards,
Jan Henkins
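
Added example, not part of Jan Henkins's message: a Python sketch of what the SetEnvIf pattern in the message matches, run over constructed Range header values, showing that the rule triggers on the fifth comma (six or more ranges) and counts commas, not valid ranges. The function names and sample client addresses are assumptions made for the illustration.

```python
import re

# Same pattern as the SetEnvIf line in the message. SetEnvIf performs an
# unanchored regex search over the header value, so re.search mirrors it.
BAD_RANGE = re.compile(r"(,.*?){5,}")

def count_ranges(value):
    """Number of non-empty comma-separated range specs in a Range value."""
    _, _, specs = value.partition("=")
    return len([s for s in specs.split(",") if s.strip()])

def rule_unsets_range(value):
    """True if the rule would set bad-range, so the Range header is unset."""
    return BAD_RANGE.search(value) is not None

def audit(requests):
    """requests: iterable of (client, range_header_or_None).
    Returns (client, range_count) for each request the rule would log."""
    flagged = []
    for client, value in requests:
        if value is not None and rule_unsets_range(value):
            flagged.append((client, count_ranges(value)))
    return flagged

# Constructed sample requests (documentation addresses, not real traffic).
SAMPLE = [
    ("192.0.2.10", None),                      # no Range header at all
    ("192.0.2.11", "bytes=0-499"),             # ordinary single range
    ("192.0.2.12", "bytes=0-99,200-299,400-499,600-699,800-899"),  # 5 ranges
    ("192.0.2.13",
     "bytes=0-99,200-299,400-499,600-699,800-899,1000-1099"),      # 6 ranges
    ("192.0.2.14",
     "bytes=" + ",".join(f"{i}-{i + 1}" for i in range(0, 40, 4))),  # 10 ranges
]

if __name__ == "__main__":
    for client, n in audit(SAMPLE):
        print(f"{client}: Range header with {n} ranges would be unset")
```

A request with exactly five ranges passes through untouched; a value such as "bytes=0-1,,,,," is also unset because the pattern only needs five commas.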

