[ GLSA 200409-21 ] Apache 2, mod_dav: Multiple vulnerabilities
GLSA

Posted: Thu Sep 16, 2004 10:17 pm    Post subject: [ GLSA 200409-21 ] Apache 2, mod_dav: Multiple vulnerabiliti

Gentoo Linux Security Advisory

Title: Apache 2, mod_dav: Multiple vulnerabilities (GLSA 200409-21)
Severity: normal
Exploitable: remote
Date: September 16, 2004
Updated: December 30, 2007
Bug(s): #62626, #63948, #64145
ID: 200409-21

Synopsis

Several vulnerabilities have been found in Apache 2 and mod_dav for Apache 1.3 which could allow a remote attacker to cause a Denial of Service or a local user to gain escalated privileges.

Background

The Apache HTTP server is one of the most popular web servers on the internet. mod_ssl provides SSL v2/v3 and TLS v1 support for it and mod_dav is the Apache module for Distributed Authoring and Versioning (DAV).

Affected Packages

Package: www-servers/apache
Vulnerable: < 2.0.51
Unaffected: >= 2.0.51
Unaffected: < 2.0
Architectures: All supported architectures

Package: net-www/mod_dav
Vulnerable: <= 1.0.3-r1
Unaffected: >= 1.0.3-r2
Architectures: All supported architectures


Description

A potential infinite loop has been found in the input filter of mod_ssl (CAN-2004-0748) as well as a possible segmentation fault in the char_buffer_read function if reverse proxying to an SSL server is being used (CAN-2004-0751). Furthermore, mod_dav, as shipped in Apache httpd 2 or mod_dav 1.0.x for Apache 1.3, contains a NULL pointer dereference which can be triggered remotely (CAN-2004-0809). The third issue is an input validation error found in the IPv6 URI parsing routines within the apr-util library (CAN-2004-0786). Additionally, a possible buffer overflow has been reported when expanding environment variables during the parsing of configuration files (CAN-2004-0747).

Impact

A remote attacker could cause a Denial of Service by aborting an SSL connection in a special way (resulting in CPU consumption), by exploiting the segmentation fault in mod_ssl, or by exploiting the mod_dav flaw. A remote attacker could also crash an httpd child process by sending a specially crafted URI. The last vulnerability could be used by a local user to gain the privileges of an httpd child, if the server parses a carefully prepared .htaccess file.

Workaround

There is no known workaround at this time.

Resolution

All Apache 2 users should upgrade to the latest version:
Code:
# emerge sync
# emerge -pv ">=www-servers/apache-2.0.51"
# emerge ">=www-servers/apache-2.0.51"
All mod_dav users should upgrade to the latest version:
Code:
# emerge sync
# emerge -pv ">=net-www/mod_dav-1.0.3-r2"
# emerge ">=net-www/mod_dav-1.0.3-r2"


References

CAN-2004-0747
CAN-2004-0748
CAN-2004-0751
CAN-2004-0786
CAN-2004-0809


Last edited by GLSA on Mon Dec 31, 2007 4:16 am; edited 4 times in total
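
Added example (not part of the advisory or of Portage): a small triage check that evaluates the version ranges from "Affected Packages" against an installed version, including the "Unaffected: < 2.0" carve-out for Apache 1.3 and the -rN revision bound for mod_dav. The parser is a simplified assumption that handles only numeric dotted versions with an optional -rN revision, and the inventory at the bottom is constructed sample data.

```python
import operator
import re

# Ranges transcribed from the advisory's "Affected Packages" section.
ADVISORY = {
    "www-servers/apache": {
        "vulnerable": [("<", "2.0.51")],
        "unaffected": [(">=", "2.0.51"), ("<", "2.0")],
    },
    "net-www/mod_dav": {
        "vulnerable": [("<=", "1.0.3-r1")],
        "unaffected": [(">=", "1.0.3-r2")],
    },
}
OPS = {"<": operator.lt, "<=": operator.le, ">=": operator.ge}

def parse(version):
    """Return ((X, Y, Z), N) for 'X.Y.Z[-rN]'; a missing revision counts as r0.

    Simplified assumption: suffixes such as _alpha or _p are rejected rather
    than ordered, so this is not the full Portage version grammar.
    """
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-r(\d+))?", version)
    if not m:
        raise ValueError(f"unsupported version string: {version!r}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2) or 0)

def matches(version, bounds):
    """True if the version satisfies at least one (operator, bound) pair."""
    v = parse(version)
    return any(OPS[op](v, parse(bound)) for op, bound in bounds)

def is_vulnerable(package, version):
    """Vulnerable means inside a vulnerable range and in no unaffected range."""
    ranges = ADVISORY[package]
    return (matches(version, ranges["vulnerable"])
            and not matches(version, ranges["unaffected"]))

if __name__ == "__main__":
    # Constructed sample inventory, not taken from a real host.
    installed = [
        ("www-servers/apache", "2.0.50-r3"),
        ("www-servers/apache", "1.3.31-r8"),
        ("net-www/mod_dav", "1.0.3-r1"),
        ("net-www/mod_dav", "1.0.3-r2"),
    ]
    for package, version in installed:
        state = "VULNERABLE" if is_vulnerable(package, version) else "ok"
        print(f"{package}-{version}: {state}")
```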