[BlueOnyx:08551] Re: Apache DoS exploit kit

Ken - Precision Web Hosting, Inc kenlists at precisionweb.net
Thu Sep 22 12:07:27 -05 2011 

----- Original Message ----- 
From: "Michael Stauber" <mstauber at blueonyx.it>
To: "BlueOnyx General Mailing List" <blueonyx at mail.blueonyx.it>
Sent: Thursday, September 22, 2011 5:03 AM
Subject: [BlueOnyx:08542] Re: Apache DoS exploit kit


> Hi Ken,
>
>> For some reason on BlueQuartz, the lines above cause the facebook agent 
>> to
>> get a 302 and not fetch the preview for the page.
>> I also don't see an apache update in the yum.log on this.
>>
>> Anyone know more on this?
>
> On CentOS4 the CentOS team released Apache updates on September 2nd to fix 
> the
> problem:
>
> Sep 02 06:00:43 Updated: httpd-manual.i386 2.0.52-48.ent.centos4
> Sep 02 06:00:44 Updated: httpd-suexec.i386 2.0.52-48.ent.centos4
> Sep 02 06:00:46 Updated: httpd.i386 2.0.52-48.ent.centos4
>
> * Wed Aug 31 2011 Joe Orton <jorton at redhat.com> - 2.0.52-48.ent
> - add security fix for CVE-2011-3192 (#733058)
>
> On CentOS5 it was fixed with the updated Apache from 14th September:
>
> Sep 14 22:57:12 Updated: httpd-2.2.3-53.el5.centos.1.i386
> Sep 14 22:57:27 Updated: httpd-manual-2.2.3-53.el5.centos.1.i386
>
> * Wed Aug 31 2011 Joe Orton <jorton at redhat.com> - 2.2.3-53.1
> - add security fix for CVE-2011-3192 (#733059)
>
> Scientific Linux had it sorted on September 2nd in SL6:
>
> Sep 02 05:39:29 Updated: httpd-tools-2.2.15-9.sl6.2.i686
> Sep 02 05:39:32 Updated: httpd-2.2.15-9.sl6.2.i686
> Sep 02 05:39:32 Updated: httpd-devel-2.2.15-9.sl6.2.i686
>
> * Tue Aug 30 2011 Joe Orton <jorton at redhat.com> - 2.2.15-9.2,
> - updated patch for CVE-2011-3192 from upstream (#733062)
>
> * Fri Aug 26 2011 Jan Kaluza <jkaluza at redhat.com> - 2.2.15-9.1
> - fix #733062 -  backported CVE-2011-3192 fix from httpd trunk
>
> So you can now safely remove the lines ...
>
> RewriteEngine On
> RewriteCond %{HTTP:Range} bytes=0-.* [NC]
> RewriteRule .? http://%{SERVER_NAME}/ [R=302,L]
>
> ... from each and any /etc/httpd/conf/vhosts/site*.include files again.
>
> -- 
> With best regards
>
> Michael Stauber


Michael

Thanks for the info. I thought I had yum updated and checked the logs but I 
see I was wrong. I do see the yum updates now.

Thanks

Ken Marcus

More information about the Blueonyx mailing list