SecurityTracker.com
Category:   Application (Web Server/CGI)  >   Apache
Vendors:   Apache Software Foundation
(Mandrake Issues Fix) Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
SecurityTracker Alert ID:  1007825
SecurityTracker URL:  http://securitytracker.com/id/1007825
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Sep 27 2003
Impact:   Denial of service via local system
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 2.0.47
Description:   A denial of service vulnerability was reported in the Apache 2.0 web server. A user with the ability to place CGI scripts on the server can cause the web service to hang.

It is reported that a CGI script that generates more than 4k of output to STDERR will hang. This, in turn, may cause the Apache httpd process to hang while waiting for additional input from the CGI process, due to a locked write() function call in mod_cgi.

The Apache httpd server may fail to respond to subsequent requests.
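
The hang described above is a two-pipe deadlock: the child stalls writing to a full STDERR pipe while the parent waits on STDOUT. The following C example is added here for illustration (it is not Apache's mod_cgi code and not part of the advisory); it shows one standard way a parent avoids this, by draining both pipes with poll(). The names run_and_drain and noisy_child are hypothetical, and the child is a constructed stand-in for a verbose CGI script.

```c
#include <poll.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed stand-in for a CGI script: 64 KiB to stderr, then a short stdout body. */
static void noisy_child(void) {
    char chunk[1024];
    memset(chunk, 'E', sizeof chunk);
    for (int i = 0; i < 64; i++)
        if (write(STDERR_FILENO, chunk, sizeof chunk) < 0) _exit(1);
    if (write(STDOUT_FILENO, "Content-Type: text/plain\n\nok\n", 29) < 0) _exit(1);
    _exit(0);
}

/* Run the child and drain BOTH pipes with poll(), so a full stderr pipe cannot
 * block the child while the parent waits on stdout. Returns the child's exit
 * status, or -1 on error. */
int run_and_drain(size_t *out_bytes, size_t *err_bytes) {
    int out[2], err[2], status;
    *out_bytes = *err_bytes = 0;
    if (pipe(out) < 0 || pipe(err) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        dup2(out[1], STDOUT_FILENO); dup2(err[1], STDERR_FILENO);
        close(out[0]); close(out[1]); close(err[0]); close(err[1]);
        noisy_child();
    }
    close(out[1]); close(err[1]);   /* parent keeps only the read ends */
    struct pollfd fds[2] = { { out[0], POLLIN, 0 }, { err[0], POLLIN, 0 } };
    size_t *counts[2] = { out_bytes, err_bytes };
    char buf[4096];
    for (int open_fds = 2; open_fds > 0; ) {
        if (poll(fds, 2, -1) < 0) break;
        for (int i = 0; i < 2; i++) {
            if (!(fds[i].revents & (POLLIN | POLLHUP | POLLERR))) continue;
            ssize_t n = read(fds[i].fd, buf, sizeof buf);
            if (n > 0) { *counts[i] += (size_t)n; continue; }
            close(fds[i].fd); fds[i].fd = -1;  /* EOF/error: poll() ignores fd < 0 */
            open_fds--;
        }
    }
    for (int i = 0; i < 2; i++) if (fds[i].fd >= 0) close(fds[i].fd);
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) { size_t o, e; return run_and_drain(&o, &e); }
```

A parent that instead read STDOUT to end-of-file before touching STDERR would never see the child finish once STDERR output exceeded the pipe's capacity.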

A demonstration exploit script is provided in the Source Message.

Brandon Black is credited with reporting this flaw.

Impact:   A user with privileges to place CGI scripts on the server can call a malicious script that will cause the httpd process to hang.
Solution:   Mandrake has released a fix.


Vendor URL:  nagoya.apache.org/bugzilla/show_bug.cgi?id=22030
Cause:   State error
Underlying OS:   Linux (Mandriva/Mandrake)

Message History:   This archive entry is a follow-up to the message listed below.
Sep 27 2003 Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service



 Source Message Contents

Date:  26 Sep 2003 23:03:12 -0000
Subject:  MDKSA-2003:096 - Updated apache2 packages fix CGI scripting deadlock


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

                Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name:           apache2
Advisory ID:            MDKSA-2003:096
Date:                   September 26th, 2003

Affected versions:	9.1
________________________________________________________________________

Problem Description:

 A problem was discovered in Apache2 where CGI scripts that output more
 than 4k of output to STDERR will hang the script's execution which can
 cause a Denial of Service on the httpd process because it is waiting
 for more input from the CGI that is not forthcoming due to the locked
 write() call in mod_cgi.
 
 On systems that use scripts that output more than 4k to STDERR, this
 could cause httpd processes to hang and once the maximum connection
 limit is reached, Apache will no longer respond to requests. 
 
 The updated packages provided use the latest mod_cgi.c from the Apache
 2.1 CVS version.
 
 Users may have to restart apache by hand after the upgrade by issuing
 a "service httpd restart".
________________________________________________________________________

References:
  
  http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22030
________________________________________________________________________

Updated Packages:
  
 Mandrake Linux 9.1:
 bcd0c73afb901bced97ee201aeb24f1a  9.1/RPMS/apache2-2.0.47-1.3.91mdk.i586.rpm
 38379cd70d8e452f6b582b9e4ff59be4  9.1/RPMS/apache2-common-2.0.47-1.3.91mdk.i586.rpm
 b44270899ca67a657c870a57baba3e2e  9.1/RPMS/apache2-devel-2.0.47-1.3.91mdk.i586.rpm
 21e9c7f6d4649a1f2c60e2213e3d9d87  9.1/RPMS/apache2-manual-2.0.47-1.3.91mdk.i586.rpm
 cbcb9f567273fe80ad754ba5338825a6  9.1/RPMS/apache2-mod_dav-2.0.47-1.3.91mdk.i586.rpm
 1940d731a5bde39f3a8c1609b5623330  9.1/RPMS/apache2-mod_ldap-2.0.47-1.3.91mdk.i586.rpm
 5508b5bef150a88e80535d9230113735  9.1/RPMS/apache2-mod_ssl-2.0.47-1.3.91mdk.i586.rpm
 56267cf09af350b8a383abc2b9ebedbc  9.1/RPMS/apache2-modules-2.0.47-1.3.91mdk.i586.rpm
 f7ff9796a95d63dc5691ea434fb0efa3  9.1/RPMS/apache2-source-2.0.47-1.3.91mdk.i586.rpm
 859c7126af782efa3dcebbda669d7f5d  9.1/RPMS/libapr0-2.0.47-1.3.91mdk.i586.rpm
 60261a3a810ceee306cd6bdd1baf3af1  9.1/SRPMS/apache2-2.0.47-1.3.91mdk.src.rpm

 Mandrake Linux 9.1/PPC:
 81fa02d2441b1ad2a59073fae3618923  ppc/9.1/RPMS/apache2-2.0.47-1.3.91mdk.ppc.rpm
 d903f0a0e9d6d2aa90bc14bb2452dc1b  ppc/9.1/RPMS/apache2-common-2.0.47-1.3.91mdk.ppc.rpm
 0ecc1e79b817d1efe346211dda9090de  ppc/9.1/RPMS/apache2-devel-2.0.47-1.3.91mdk.ppc.rpm
 398c1db00d0fb47fb57d0a217d1a63f4  ppc/9.1/RPMS/apache2-manual-2.0.47-1.3.91mdk.ppc.rpm
 7adfa25d0d80e968c95306a70e60cfdb  ppc/9.1/RPMS/apache2-mod_dav-2.0.47-1.3.91mdk.ppc.rpm
 e524f04403d6634d970261bae094b545  ppc/9.1/RPMS/apache2-mod_ldap-2.0.47-1.3.91mdk.ppc.rpm
 c76c5664ff6594c2857e32b3ea62e280  ppc/9.1/RPMS/apache2-mod_ssl-2.0.47-1.3.91mdk.ppc.rpm
 dce9ebbf7059a0194285467615d52b94  ppc/9.1/RPMS/apache2-modules-2.0.47-1.3.91mdk.ppc.rpm
 9a7d2c7b8b3eeb8a566fa713a629d20f  ppc/9.1/RPMS/apache2-source-2.0.47-1.3.91mdk.ppc.rpm
 9e98058a1154352d3e8bbe5f74536c1e  ppc/9.1/RPMS/libapr0-2.0.47-1.3.91mdk.ppc.rpm
 60261a3a810ceee306cd6bdd1baf3af1  ppc/9.1/SRPMS/apache2-2.0.47-1.3.91mdk.src.rpm
________________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
________________________________________________________________________

To upgrade automatically, use MandrakeUpdate or urpmi.  The verification
of md5 checksums and GPG signatures is performed automatically for you.

A list of FTP mirrors can be obtained from:

  http://www.mandrakesecure.net/en/ftp.php

All packages are signed by MandrakeSoft for security.  You can obtain
the GPG public key of the Mandrake Linux Security Team by executing:

  gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other update advisories for Mandrake Linux at:

  http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that
anyone can subscribe to.  Information on these lists can be obtained by
visiting:

  http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/dMWvmqjQ0CJFipgRAg7mAKCKnd0X7NWGXzqIQ3iJCVJgmKZJJACgrSqR
SFlz34CEPL/8FG3WzrHTOaI=
=TH/h
-----END PGP SIGNATURE-----

 
 



Copyright 2012, SecurityGlobal.net LLC