SecurityTracker.com Archives - (Conectiva Issues Fix) Apache mod

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

SecurityTracker
Archives

Sign Up

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Affiliates

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Partners

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Web Server/CGI) > Apache mod_rewrite

Vendors: Apache Software Foundation

(Conectiva Issues Fix) Apache mod_rewrite Contains a Buffer Overflow

SecurityTracker Alert ID: 1008110

CVE Reference: CAN-2003-0542 (Links to External Site)

Date: Nov 6 2003

Impact: Denial of service via network, Execution of arbitrary code via network, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): 2.0.47 and prior versions

Description: A vulnerability was reported in the Apache mod_rewrite component. A remote user may be able to trigger a buffer overflow.

It is reported that both mod_alias and mod_rewrite contain a buffer overflow. If the administrator has configured a regular expression with more than 9 captures, the overflow can be triggered.

[Editor's note: The Apache notice did not indicate the impact of the buffer overflow.]

Impact: [Editor's note: The Apache notice did not indicate the impact of the buffer overflow.]

Vendor URL: httpd.apache.org/ (Links to External Site)

Cause: Boundary error

Underlying OS: Linux (Conectiva)

Underlying OS Comments: 7.0, 8, 9

Reported By: Conectiva Updates <secure@conectiva.com.br>

Message History: This archive entry is a follow-up to the message listed below.

Oct 29 2003

Apache mod_rewrite Contains a Buffer Overflow

Source Message Contents

Date: Wed, 5 Nov 2003 19:18:56 -0200
From: Conectiva Updates <secure@conectiva.com.br>
Subject: [conectiva-updates] [CLA-2003:775] Conectiva Security Announcement - apache

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT 
- --------------------------------------------------------------------------

PACKAGE   : apache
SUMMARY   : Fix for some vulnerabilities
DATE      : 2003-11-05 19:18:00
ID        : CLA-2003:775
RELEVANT
RELEASES  : 7.0, 8, 9

- -------------------------------------------------------------------------

DESCRIPTION
 Apache[1] is the most popular webserver in use today.
 
 New versions of the Apache web server have been made available[2][3]
 with the following security fixes:
 
 1. Buffer overflow in mod_alias and mod_rewrite (CAN-2003-0542) [4]
 A buffer overflow could occur in mod_alias and mod_rewrite when a
 regular expression with more than 9 captures is configured. Users who
 can create or modify configuration files (httpd.conf or .htaccess,
 for example) could trigger this. This vulnerability affects Apache
 1.3.x and Apache 2.0.x.
 
 2. mod_cgid mishandling of CGI redirect paths (CAN-2003-0789) [5]
 mod_cgid mishandling of CGI redirect paths could result in CGI output
 going to the wrong client when a threaded MPM is used. The packages
 provided with Conectiva Linux 9 are not vulnerable to this issue
 because  they are not compiled with that MPM, but the fix has been
 included because new packages for Conectiva Linux 9 were already
 being built for the suexec problem (see below).
 
 In addition to the above security fixes, "suexec" has been correctly
 built in the Conectiva Linux 9 packages, fixing[6] the problem where
 CGI scripts could not be run from the user's home directory.


SOLUTION
 It is recommended that all Apache users upgrade their packages.
 
 IMPORTANT: it is necessary to manually restart the httpd server after
 upgrading the packages. In order to do this, execute the following as
 root:
 
 service httpd stop
 
 (wait a few seconds and check with "pidof httpd" if there are any
 httpd processes running. On a busy webserver this could take a little
 longer)
 
 service httpd start
 
 
 REFERENCES
 1. http://apache.httpd.org/
 2. http://www.apache.org/dist/httpd/Announcement2.html
 3. http://www.apache.org/dist/httpd/Announcement.html
 4. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542
 5. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0789
 6. http://bugzilla.conectiva.com.br/show_bug.cgi?id=8754 (pt_BR only)


UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/apache-1.3.28-1U70_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/apache-1.3.28-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/apache-devel-1.3.28-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/apache-doc-1.3.28-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/apache-1.3.28-1U80_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/apache-1.3.28-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/apache-devel-1.3.28-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/apache-doc-1.3.28-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/apache-2.0.45-28790U90_5cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-2.0.45-28790U90_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-devel-2.0.45-28790U90_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-doc-2.0.45-28790U90_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-htpasswd-2.0.45-28790U90_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr-devel-2.0.45-28790U90_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr-devel-static-2.0.45-28790U90_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr0-2.0.45-28790U90_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/mod_auth_ldap-2.0.45-28790U90_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/mod_dav-2.0.45-28790U90_5cl.i386.rpm


ADDITIONAL INSTRUCTIONS
 The apt tool can be used to perform RPM packages upgrades:

 - run:                 apt-get update
 - after that, execute: apt-get upgrade

 Detailed instructions reagarding the use of apt and upgrade examples 
 can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at 
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

- -------------------------------------------------------------------------
Copyright (c) 2003 Conectiva Inc.
http://www.conectiva.com

- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE/qWk/42jd0JmAcZARAkF2AJsGfA3n7v7l8f4A8ik+Ao6uqB9NYACfZnQ4
qf3SjmMxGkqRYyXuBBragEE=
=zsxK
-----END PGP SIGNATURE-----

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us | Help
Copyright 2002, SecurityGlobal.net LLC