Configuring the Apache web server to prevent denial of service attack in Symantec Endpoint Protection 12.1.2 (12.1 RU2) and later

Article:TECH205208  |  Created: 2013-04-17  |  Updated: 2014-05-23  |  Article URL http://www.symantec.com/docs/TECH205208
Article Type
Technical Solution

Product(s)

Issue



Vulnerability testing shows that Symantec Endpoint Protection Manager (SEPM) is vulnerable to a specific denial of service exploit, CVE-2007-6750, related to the lack of the mod_reqtimeout module in the Apache web server.


Environment



  • Symantec Endpoint Protection (SEP) 12.1.2 (12.1 Release Update 2, or RU2)
  • Symantec Endpoint Protection (SEP) 12.1.2.1 (12.1 Release Update 2 Maintenance Patch 1, or RU2 MP1)
  • Symantec Endpoint Protection (SEP) 12.1.3 (12.1 Release Update 3, or RU3)

Later releases of the Symantec Endpoint Protection Manager are not vulnerable to this exploit.

 


Solution



This issue is fixed in Symantec Endpoint Protection 12.1 Release Update 4 (SEP 12.1.4).  Upgrade to take advantage of this and many other enhancements and improvements.

If it is not immediately possible to upgrade, work around this issue by implementing the module that is missing in Apache. This workaround applies only to the Symantec Endpoint Protection versions noted above. If you use a build earlier than 12.1.2, you should upgrade directly to version 12.1.4 or later.

Warning: if you implement the workaround when using version 12.1.2 and decide to upgrade to 12.1.2.1 or 12.1.3, you must apply this workaround again.

To add the module to the Apache web server:

  1. Download and save to disk the mod_reqtimeout.so module attached to this document.
     
  2. Copy the file into the %SEPM_Install_Dir%\apache\modules directory.
    Note: On most systems, the default SEPM installation directory is C:\Program Files\Symantec\Symantec Endpoint Protection Manager.
     
  3. Open %SEPM_Install_Dir%\apache\conf\httpd.conf with a plain text editor such as Notepad, and then add the following lines to the bottom:
     
    LoadModule reqtimeout_module modules/mod_reqtimeout.so
    <IfModule reqtimeout_module>
    RequestReadTimeout header=10-60,MinRate=1024 body=30-120,MinRate=1024
    </IfModule>

     
    Note: The default configuration settings for mod_reqtimeout are basic settings. You may want to further adjust them for your needs. For more info, see the following page:
    http://httpd.apache.org/docs/2.2/mod/mod_reqtimeout.html
     
  4. Restart the Symantec Endpoint Protection Manager Webserver service.
     

 


Attachments

The mod_reqtimeout.so file
mod_reqtimeout.so (19 kBytes)

Supplemental Materials

SourceETrack
Value3147778, 3147764, 3147776



Article URL http://www.symantec.com/docs/TECH205208


Terms of use for this information are found in Legal Notices