Opened 18 years ago

Closed 18 years ago

#79 closed task (invalid)

possible SVN corruption in MapGuide vault?

Reported by: waltweltonlair Owned by: sac@…
Priority: major Milestone:
Component: SysAdmin Keywords:
Cc:

Description

When I try to commit any change to the http://svn.osgeo.org/mapguide/trunk/MgDev/Web/src/mapviewerjava directory I get errors like the following:

Sending product.jsp Transmitting file data .svn: Commit failed (details follow): svn: PUT of '/mapguide/!svn/wrk/f7df244e-09a7-7545-b620-314ad3e076c1/trunk/MgDev/Web/src/mapviewerjava/product.jsp': Could not read status line: An existing connection was forcibly closed by the remote host. (http://svn.osgeo.org)

Is everything ok with the repository?

Walt

Change History (4)

comment:1 by warmerdam, 18 years ago

See also, ticket #78 which may be related.

I'm suspecting that the "Could not read status line: An existing connection was forcibly closed by the remote host." message is due to a connection timeout.

comment:2 by warmerdam, 18 years ago

Resolution: fixed
Status: newclosed

trevorwekel reports:

I found the problem! I happened to notice a bunch of these messages in my Proventia Desktop log:

[Denial of Service] This signature detects an HTTP URL request that contains QUOT;jsp?" followed by more than 2000 characters.

Here at Autodesk Proventia is installed by our IT group on all our Windows machines.

That also explains why it wokred for me on Linux.

I think we can call tickets 78 and 79 fixed. We will take this up with our IT group...

comment:3 by waltweltonlair, 18 years ago

Resolution: fixed
Status: closedreopened

I just heard back from Autodesk IT, and according to them the correct method to resolve this issue would be to apply the required patch to the web server. See the following info...


WebLogic redirect request plug-in buffer overflow can be used to gain root (HTTP_WebLogic_PluginBO)

Vulnerability description

BEA WebLogic Server and WebLogic Express versions 5.1.0 and 4.5.x are vulnerable to a buffer overflow in the plugin that allows other Web servers to redirect requests to the WebLogic server. By requesting a Java Server Page (.JSP file) from the BEA WebLogic server with a URL containing 2048 characters or more, a remote attacker can overflow a buffer and crash the Web server or execute arbitrary code on the system. An attacker may be able to use this to gain root level privileges in Unix or SYSTEM privileges in Windows NT.

How to remove this vulnerability

Apply the proxy plug-in patch, as listed in BEA Systems, Inc. Security Advisory BEA00-05.01. See References.

References

BEA Systems, Inc. Security Advisory BEA00-05.01
Patch Available for Buffer Overflow in BEA WebLogic Server Proxy Plug-In
http://dev2dev.bea.com/pub/advisory/40

comment:4 by jbirch, 18 years ago

Resolution: invalid
Status: reopenedclosed

Walt,

The problem is that your security system is getting tripped because the SVN commit signature looks the same as the security issue that is indicated in that alert.

There's nothing that can be done on the OSGeo server to prevent your IPS from seeing an SVN commit of a JSP file followed by N bytes as this vulnerability.

At this point I think your options are to get your IT department to drop the rule, to create a special policy just for your workstation (if this is possible with your software), or to continue using Linux to commit JSP files.

I had the same thing happen to me with our CheckPoint SPI firewall last year. It wouldn't allow me to view MapBender maps because they contained too many characters in an image tag (the WMS string). Eventually, my tech support guys made a special rule for me, and then once they were happy that all of the workstations had been patched against that particular vulnerability they turned it off altogether.

Note: See TracTickets for help on using tickets.