Apache HTTP Server mod_deflate Remote Denial Of Service Vulnerability

ravishankar.gundlapali at wipro.com
Sat Mar 6 15:33:43 CET 2010


Hi,

I have the below-mentioned action items on me, which my security team identified.

Please let me know whether the solution you have provided earlier is the same for these?

Can anyone let me know the procedure for this...


1) Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability

2) Apache HTTP Server mod_proxy stream_reqbody_cl Function Denial of Service Vulnerability

3) Apache HTTP Server mod_deflate Remote Denial Of Service Vulnerability

4) Apache APR and APR-util Multiple Integer Overflow Vulnerabilities


Thanks & Regards,
Ravi G
Wipro Technologies - India 



-----Original Message-----
From: Jim Perrin [mailto:jperrin at gmail.com] 
Sent: Saturday, March 06, 2010 7:31 PM
To: Ravishankar Gundlapali (WT01 - ENERGY & UTILITIES)
Cc: nagios-users at lists.sourceforge.net
Subject: Re: [Nagios-users] Apache HTTP Server mod_deflate Remote Denial Of Service Vulnerability

On Sat, Mar 6, 2010 at 8:16 AM,  <ravishankar.gundlapali at wipro.com> wrote:
> Hi,
>     I am using Nagios 3.2.4 with Nagios-Plugins-1.4.14 and on Red Hat Fedora
> Linux ver 10.1.
> My security team has identified the following vulnerability and they have
> given an action item for me.
> Apache HTTP Server mod_deflate Remote Denial Of Service Vulnerability
> Please someone help me what action can be taken on this.

This is an Apache issue and not really a Nagios issue. You should
check with your vendor (aka Fedora) for an updated Apache fix that
addresses the vulnerability your security team identified.

On a personal note I'd recommend not using Fedora for a server if you
want to have any sense of long-term usage of the system. Fedora tends
to go through releases rather quickly, where distros more targeted to
the enterprise have several years of support for a release. For
example: RHEL, CentOS and Scientific Linux all support their releases
for 7 years.  Fedora supports a release for around 12-18 months.

-- 
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell