[BlueOnyx:08542] Re: Apache DoS exploit kit

Michael Stauber mstauber at blueonyx.it
Thu Sep 22 07:03:21 -05 2011


Hi Ken,

> For some reason on BlueQuartz, the lines above cause the facebook agent to 
> get a 302 and not fetch the preview for the page.
> I also don't see an apache update in the yum.log on this.
> 
> Anyone know more on this?

On CentOS4 the CentOS team released Apache updates on September 2nd to fix the 
problem:

Sep 02 06:00:43 Updated: httpd-manual.i386 2.0.52-48.ent.centos4
Sep 02 06:00:44 Updated: httpd-suexec.i386 2.0.52-48.ent.centos4
Sep 02 06:00:46 Updated: httpd.i386 2.0.52-48.ent.centos4

* Wed Aug 31 2011 Joe Orton <jorton at redhat.com> - 2.0.52-48.ent
- add security fix for CVE-2011-3192 (#733058)

On CentOS5 it was fixed with the updated Apache from 14th September:

Sep 14 22:57:12 Updated: httpd-2.2.3-53.el5.centos.1.i386
Sep 14 22:57:27 Updated: httpd-manual-2.2.3-53.el5.centos.1.i386

* Wed Aug 31 2011 Joe Orton <jorton at redhat.com> - 2.2.3-53.1
- add security fix for CVE-2011-3192 (#733059)

Scientific Linux had it sorted on September 2nd in SL6:

Sep 02 05:39:29 Updated: httpd-tools-2.2.15-9.sl6.2.i686
Sep 02 05:39:32 Updated: httpd-2.2.15-9.sl6.2.i686
Sep 02 05:39:32 Updated: httpd-devel-2.2.15-9.sl6.2.i686

* Tue Aug 30 2011 Joe Orton <jorton at redhat.com> - 2.2.15-9.2,
- updated patch for CVE-2011-3192 from upstream (#733062)

* Fri Aug 26 2011 Jan Kaluza <jkaluza at redhat.com> - 2.2.15-9.1
- fix #733062 -  backported CVE-2011-3192 fix from httpd trunk

So you can now safely remove the lines ... 

RewriteEngine On
RewriteCond %{HTTP:Range} bytes=0-.* [NC]
RewriteRule .? http://%{SERVER_NAME}/ [R=302,L]

... from each and any /etc/httpd/conf/vhosts/site*.include files again.

-- 
With best regards

Michael Stauber
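
The check and cleanup described in the message above, as an added shell example that is not part of the original post or of BlueOnyx itself. The function names are hypothetical; strip_workaround handles only the exact three-line block quoted in the message and prints the cleaned file to stdout so it can be diffed before anything is replaced.

```bash
# Added example. Function names are hypothetical, not BlueOnyx tooling.

# Succeeds if the RPM changelog text on stdin mentions the CVE-2011-3192 fix.
changelog_has_fix() {
    grep -q 'CVE-2011-3192'
}

# Prints every site*.include under directory $1 that still carries the
# temporary RewriteCond on the Range header.
list_workaround_files() {
    for f in "$1"/site*.include; do
        [ -f "$f" ] || continue
        if grep -Eqi '^[[:space:]]*RewriteCond[[:space:]]+%[{]HTTP:Range[}][[:space:]]+bytes=0-' "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Prints file $1 without the workaround: drops the Range RewriteCond and the
# RewriteRule directly after it. "RewriteEngine On" is dropped only when no
# other RewriteCond/RewriteRule remains, so unrelated rewrites keep working.
strip_workaround() {
    awk '
        tolower($0) ~ /^[ \t]*rewritecond[ \t]+%[{]http:range[}][ \t]+bytes=0-/ { skip = 1; next }
        skip && tolower($0) ~ /^[ \t]*rewriterule[ \t]/ { skip = 0; next }
        {
            skip = 0
            lines[n++] = $0
            if (tolower($0) ~ /^[ \t]*rewrite(rule|cond)[ \t]/) other = 1
        }
        END {
            for (i = 0; i < n; i++) {
                if (!other && tolower(lines[i]) ~ /^[ \t]*rewriteengine[ \t]+on[ \t]*$/) continue
                print lines[i]
            }
        }' "$1"
}

# Live run on the server: sh thisfile /etc/httpd/conf/vhosts
if [ -n "${1:-}" ]; then
    rpm -q --changelog httpd | changelog_has_fix || {
        echo "httpd changelog lacks CVE-2011-3192; keep the workaround" >&2
        exit 1
    }
    list_workaround_files "$1"
fi
```

Run strip_workaround on each reported file, review the diff, then reload httpd once the files are replaced.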


