SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Web Server/CGI)  >  Apach mod_cgid Vendors:  Apache Software Foundation
(Trustix Issues Fix) Apache mod_cgid May Disclose CGI Output to Another Client
SecurityTracker Alert ID:  1008205
CVE Reference:  CAN-2003-0789   (Links to External Site)
Date:  Nov 17 2003
Impact:  Disclosure of user information
Fix Available:  Yes   Vendor Confirmed:  Yes  
Version(s): 2.0.47 and prior versions
Description:  A vulnerability was reported in the Apache web server in the mod_cgid component. CGI output may be disclosed to another client in certain situations.

It is reported that mod_cgid may mishandle CGI redirect paths. As a result, CGI output may be returned to the wrong requesting client when a threaded MPM is used.
Impact:  A remote user may receive CGI output intended for a different client.
Solution:  Trustix has released a fix, available at:

http://http.trustix.org/pub/trustix/updates/
ftp://ftp.trustix.org/pub/trustix/updates/

Users of the SWUP tool can update automatically using 'swup --upgrade'.

The MD5sums of the packages are:

00e3df8b938b72f4e51ffeddab310818 ./2.0/srpms/apache-2.0.48-1tr.src.rpm
10b70195f32e6ba13b7d2b024024323c ./2.0/rpms/apache-manual-2.0.48-1tr.i586.rpm
3628fea182645bb4b82c34c90e8f1982 ./2.0/rpms/apache-devel-2.0.48-1tr.i586.rpm
a68f993b3bf3bfad72b297e51ae3228c ./2.0/rpms/apache-2.0.48-1tr.i586.rpm
b894c130606d76aa315e655c5dd7e1c2 ./1.5/srpms/apache-1.3.29-1tr.src.rpm
a3103b7551d6cb50bd842b5611ee2ccc ./1.5/rpms/apache-devel-1.3.29-1tr.i586.rpm
81464891227f2c8fa4d75efd8588a821 ./1.5/rpms/apache-1.3.29-1tr.i586.rpm
b894c130606d76aa315e655c5dd7e1c2 ./1.2/srpms/apache-1.3.29-1tr.src.rpm
1ccace0000acf097c0e6d6f30e849bbc ./1.2/rpms/apache-devel-1.3.29-1tr.i586.rpm
deb3aa00ca33b828c91f986960fa1e62 ./1.2/rpms/apache-1.3.29-1tr.i586.rpm
Vendor URL:  httpd.apache.org/ (Links to External Site)
Cause:  State error
Underlying OS:  Linux (Trustix)
Underlying OS Comments:  1.2, 1.5, 2.0
Reported By:  Trustix Security Advisor <tsl@trustix.org>
Message History:   This archive entry is a follow-up to the message listed below.
Oct 29 2003 Apache mod_cgid May Disclose CGI Output to Another Client


 Source Message Contents
Date:  Mon, 17 Nov 2003 14:21:45 +0100
From:  Trustix Security Advisor <tsl@trustix.org>
Subject:  TSLSA-2003-0041 - apache

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2003-0041

Package name:      apache
Summary:           CAN-2003-0542 & CAN-2003-0789
Date:              2003-11-15
Affected versions: TSL 1.2, 1.5, 2.0

- --------------------------------------------------------------------------
Package description:
  Apache is a full featured web server that is freely available, and also
  happens to be the most widely used.Built with loadable modules (all standard
  modules enabled). This verion is intended as a replacement for a standard
  apache, the configuration files provided with apache and apache-ssl are
  unchanged.

Problem description:
  CAN-2003-0542:
  Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite
  for Apache before 1.3.29 allow attackers to can create configuration files to
  cause a denial of service (crash) or execute arbitrary code via a regular
  expression with more than 9 captures.

  CAN-2003-0789:
  mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not
  properly handle CGI redirect paths, which could cause Apache to send the
  output of a CGI program to the wrong client.

Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.


Location:
  All TSL updates are available from
  <URI:http://http.trustix.org/pub/trustix/updates/>
  <URI:ftp://ftp.trustix.org/pub/trustix/updates/>


About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With focus
  on security and stability, the system is painlessly kept safe and up to
  date from day one using swup, the automated software updater.


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.


Public testing:
  These packages have been available for public testing for some time.
  If you want to contribute by testing the various packages in the
  testing tree, please feel free to share your findings on the
  tsl-discuss mailinglist.
  The testing tree is located at
  <URI:http://tsldev.trustix.org/cloud/>

  You may also use swup for public testing of updates:
  
  site {
      class = 0
      location = "http://tsldev.trustix.org/cloud/rdfs/latest.rdf"
      regexp = ".*"
  }
  

Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.org/support/>


Verification:
  This advisory along with all TSL packages are signed with the TSL sign key.
  This key is available from:
  <URI:http://www.trustix.org/TSL-SIGN-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.org/errata/trustix-1.2/>,
  <URI:http://www.trustix.org/errata/trustix-1.5/> and
  <URI:http://www.trustix.org/errata/trustix-2.0/>
  or directly at
  <URI:http://www.trustix.org/errata/misc/2003/TSL-2003-0041-apache.asc.txt>


MD5sums of the packages:
- --------------------------------------------------------------------------
00e3df8b938b72f4e51ffeddab310818  ./2.0/srpms/apache-2.0.48-1tr.src.rpm
10b70195f32e6ba13b7d2b024024323c  ./2.0/rpms/apache-manual-2.0.48-1tr.i586.rpm
3628fea182645bb4b82c34c90e8f1982  ./2.0/rpms/apache-devel-2.0.48-1tr.i586.rpm
a68f993b3bf3bfad72b297e51ae3228c  ./2.0/rpms/apache-2.0.48-1tr.i586.rpm
b894c130606d76aa315e655c5dd7e1c2  ./1.5/srpms/apache-1.3.29-1tr.src.rpm
a3103b7551d6cb50bd842b5611ee2ccc  ./1.5/rpms/apache-devel-1.3.29-1tr.i586.rpm
81464891227f2c8fa4d75efd8588a821  ./1.5/rpms/apache-1.3.29-1tr.i586.rpm
b894c130606d76aa315e655c5dd7e1c2  ./1.2/srpms/apache-1.3.29-1tr.src.rpm
1ccace0000acf097c0e6d6f30e849bbc  ./1.2/rpms/apache-devel-1.3.29-1tr.i586.rpm
deb3aa00ca33b828c91f986960fa1e62  ./1.2/rpms/apache-1.3.29-1tr.i586.rpm
- --------------------------------------------------------------------------


TSL Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/tnS1i8CEzsK9IksRAjUUAKChi2ba2/PvvGdELwKEt22/+vb+6gCfW4O3
DOUs2zbpxY8/MtBCTO4pCYI=
=euoL
-----END PGP SIGNATURE-----
_______________________________________________
tsl-announce mailing list
tsl-announce@tawie.org
http://www.tawie.org/mailman/listinfo/tsl-announce


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2003, SecurityGlobal.net LLC