SecurityTracker.com
SecurityTracker
Archives
Category:  Application (Web Server/CGI)  >  Apache mod_alias
Vendors:  Apache Software Foundation
(Red Hat Issues Fix for RH Enterprise Linux) Apache mod_alias Contains a Buffer Overflow
SecurityTracker Alert ID:  1008457
CVE Reference:  CAN-2003-0542
Date:  Dec 12 2003
Impact:  Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes   Vendor Confirmed:  Yes  
Version(s): 2.0.47 and prior versions
Description:  A vulnerability was reported in the Apache mod_alias component. A remote user may be able to trigger a buffer overflow.

It is reported that both mod_alias and mod_rewrite contain a buffer overflow. If the administrator has configured a regular expression with more than 9 captures, the overflow can be triggered.
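As an added example (not part of the SecurityTracker entry or the Red Hat advisory), the check below scans an httpd.conf or .htaccess fragment for mod_alias and mod_rewrite regex directives carrying more than nine capture groups, the configuration condition the entry describes; the directive list, the sample configuration and the function names are constructed for this illustration.

```python
# Constructed audit helper: flag Apache 1.3 regex directives with more than 9 captures.
# Apache 1.3 uses a POSIX ERE dialect, so every unescaped '(' outside a bracket
# expression opens a capturing group (there is no (?:...) non-capturing form).
REGEX_DIRECTIVES = ("AliasMatch", "ScriptAliasMatch", "RedirectMatch",
                    "RewriteRule", "RewriteCond")   # assumed list for this check
MAX_SAFE_CAPTURES = 9  # the entry: more than 9 captures triggers the overflow

def count_captures(pattern):
    """Count capturing groups: unescaped '(' that are not inside [...]."""
    count, in_bracket, i = 0, False, 0
    while i < len(pattern):
        c = pattern[i]
        if c == "\\" and not in_bracket:
            i += 2                      # skip the escaped character
            continue
        if in_bracket:
            in_bracket = c != "]"
        elif c == "[":
            in_bracket = True
            if i + 1 < len(pattern) and pattern[i + 1] == "^":
                i += 1                  # negated class
            if i + 1 < len(pattern) and pattern[i + 1] == "]":
                i += 1                  # a leading ']' is literal inside a class
        elif c == "(":
            count += 1
        i += 1
    return count

def directive_pattern(line):
    """Return (directive, regex) for a regex-taking directive, else None.
    Assumes unquoted, whitespace-separated arguments."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2 or parts[0] not in REGEX_DIRECTIVES:
        return None
    if parts[0] == "RewriteCond":       # regex is the second argument here
        return (parts[0], parts[2].split(None, 1)[0]) if len(parts) > 2 else None
    return parts[0], parts[1]

def find_risky_directives(config_text):
    """Return (line_no, directive, regex, captures) for every over-limit regex."""
    hits = []
    for n, line in enumerate(config_text.splitlines(), 1):
        parsed = directive_pattern(line)
        if parsed:
            caps = count_captures(parsed[1].strip('"'))
            if caps > MAX_SAFE_CAPTURES:
                hits.append((n, parsed[0], parsed[1], caps))
    return hits

SAMPLE_CONFIG = r"""# constructed httpd.conf fragment for the demonstration
AliasMatch ^/icons/(.*)$ /var/www/icons/$1
RewriteEngine on
RewriteRule ^/a/(.)(.)(.)(.)(.)(.)(.)(.)(.)(.)$ /b/$1 [L]
RedirectMatch ^/old/\(x\)/([^)]*)$ /new/$1
RewriteCond %{REQUEST_URI} ^/(x)(y)$
"""

if __name__ == "__main__":
    for n, directive, regex, caps in find_risky_directives(SAMPLE_CONFIG):
        print(f"line {n}: {directive} has {caps} captures (> {MAX_SAFE_CAPTURES}): {regex}")
```

Finding such a directive in a writable .htaccess is a signal to review who can edit it; the fix itself is the package upgrade.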

Impact:  [Editor's note: The Apache notice did not indicate the impact of the buffer overflow.]
Solution:  Red Hat has released a fix.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/apache-1.3.27-6.ent.src.rpm

i386:
Available from Red Hat Network: apache-1.3.27-6.ent.i386.rpm
Available from Red Hat Network: apache-devel-1.3.27-6.ent.i386.rpm
Available from Red Hat Network: apache-manual-1.3.27-6.ent.i386.rpm

ia64:
Available from Red Hat Network: apache-1.3.27-6.ent.ia64.rpm
Available from Red Hat Network: apache-devel-1.3.27-6.ent.ia64.rpm
Available from Red Hat Network: apache-manual-1.3.27-6.ent.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/apache-1.3.27-6.ent.src.rpm

ia64:
Available from Red Hat Network: apache-1.3.27-6.ent.ia64.rpm
Available from Red Hat Network: apache-devel-1.3.27-6.ent.ia64.rpm
Available from Red Hat Network: apache-manual-1.3.27-6.ent.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/apache-1.3.27-6.ent.src.rpm

i386:
Available from Red Hat Network: apache-1.3.27-6.ent.i386.rpm
Available from Red Hat Network: apache-devel-1.3.27-6.ent.i386.rpm
Available from Red Hat Network: apache-manual-1.3.27-6.ent.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/apache-1.3.27-6.ent.src.rpm

i386:
Available from Red Hat Network: apache-1.3.27-6.ent.i386.rpm
Available from Red Hat Network: apache-devel-1.3.27-6.ent.i386.rpm
Available from Red Hat Network: apache-manual-1.3.27-6.ent.i386.rpm

The verification checksums are:

Vendor URL:  httpd.apache.org/
Cause:  Boundary error
Underlying OS:  Linux (Red Hat)
Underlying OS Comments:  Red Hat Enterprise Linux 2.1
Reported By:  bugzilla@redhat.com
Message History:   This archive entry is a follow-up to the message listed below.
Oct 29 2003 Apache mod_alias Contains a Buffer Overflow



Source Message Contents

Date:  Wed, 10 Dec 2003 11:55 -0500
From:  bugzilla@redhat.com
Subject:  [RHSA-2003:360-01] Updated apache packages fix minor security vulnerability

 

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated apache packages fix minor security vulnerability
Advisory ID:       RHSA-2003:360-01
Issue date:        2003-12-10
Updated on:        2003-12-10
Product:           Red Hat Enterprise Linux
Keywords:          Apache httpd ASF
Cross references:  
Obsoletes:         
CVE Names:         CAN-2003-0542
---------------------------------------------------------------------

1. Topic:

Updated Apache packages that fix a minor security issue are now available
for Red Hat Enterprise Linux.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

The Apache HTTP server is a powerful, full-featured, efficient, and
freely-available Web server.

An issue in the handling of regular expressions from configuration files
was discovered in releases of the Apache HTTP Server version 1.3 prior to
1.3.29. To exploit this issue an attacker would need to have the ability
to write to Apache configuration files such as .htaccess or httpd.conf. A
carefully-crafted configuration file can cause an exploitable buffer
overflow and would allow the attacker to execute arbitrary code in the
context of the server (in default configurations as the 'apache' user).
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0542 to this issue.

This update also includes an alternative version of the httpd binary which
supports setting the MaxClients configuration directive to values above 256.

All users of the Apache HTTP Web Server are advised to upgrade to the
applicable errata packages, which contain back-ported fixes correcting
the above security issue.

Note that the instructions in the "Solution" section of this errata contain
additional steps required to complete the upgrade process.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the
up2date client with an updated certificate.  The latest version of
up2date is available from the Red Hat FTP site and may also be
downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

After the errata packages are installed, restart the Web service by running
the following command as root:

/sbin/service httpd restart

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

110328 - CAN-2003-0542 local buffer overflow in config file parsing

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/apache-1.3.27-6.ent.src.rpm

i386:
Available from Red Hat Network: apache-1.3.27-6.ent.i386.rpm
Available from Red Hat Network: apache-devel-1.3.27-6.ent.i386.rpm
Available from Red Hat Network: apache-manual-1.3.27-6.ent.i386.rpm

ia64:
Available from Red Hat Network: apache-1.3.27-6.ent.ia64.rpm
Available from Red Hat Network: apache-devel-1.3.27-6.ent.ia64.rpm
Available from Red Hat Network: apache-manual-1.3.27-6.ent.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/apache-1.3.27-6.ent.src.rpm

ia64:
Available from Red Hat Network: apache-1.3.27-6.ent.ia64.rpm
Available from Red Hat Network: apache-devel-1.3.27-6.ent.ia64.rpm
Available from Red Hat Network: apache-manual-1.3.27-6.ent.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/apache-1.3.27-6.ent.src.rpm

i386:
Available from Red Hat Network: apache-1.3.27-6.ent.i386.rpm
Available from Red Hat Network: apache-devel-1.3.27-6.ent.i386.rpm
Available from Red Hat Network: apache-manual-1.3.27-6.ent.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/apache-1.3.27-6.ent.src.rpm

i386:
Available from Red Hat Network: apache-1.3.27-6.ent.i386.rpm
Available from Red Hat Network: apache-devel-1.3.27-6.ent.i386.rpm
Available from Red Hat Network: apache-manual-1.3.27-6.ent.i386.rpm



7. Verification:


These packages are GPG signed by Red Hat for security.  Our key is
available from https://www.redhat.com/security/keys.html

You can verify each package with the following command:
    
    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    
    md5sum <filename>


8. References:

http://www.apacheweek.com/features/security-13.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542

9. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/solutions/security/news/contact.html

Copyright 2003 Red Hat, Inc.

-- 
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list