
CERT Coordination Center

mod_python vulnerable to information disclosure via crafted URL

Vulnerability Note VU#356409

Original Release Date: 2005-02-21 | Last Revised: 2005-07-06

Overview

The Apache mod_python module is vulnerable to unintended remote information disclosure using specially crafted URLs.

Description

From the mod_python web page:

Mod_python is an Apache module that embeds the Python interpreter within the server. With mod_python you can write web-based applications in Python that will run many times faster than traditional CGI and will have access to advanced features such as ability to retain database connections and other data between hits and access to Apache internals.

The mod_python publisher, which allows Python module objects to be called in a URL, contains a subtle flaw in the request handling logic. Unintended information may be leaked by objects which are not meant to be visible.

Impact

A remote attacker may be able to craft a URL to obtain script data and information which was not meant to be visible. This could include variable names and values, object data, and more.

Solution

Obtain updated packages
mod_python has released updated packages which do not contain this flaw:

For Apache 1.3: mod_python 2.7.11 (or later)
For Apache 2.0: mod_python 3.0.4 (or later)

These packages can be obtained from the mod_python download page.

A proposed workaround is to set the Apache server to block URLs containing requests that begin with "func_". This is not a definitive solution and may also hinder normal operation of the server.
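
Before the workaround is turned into a blocking rule, it can be checked against existing traffic. The following is an added example, not part of the original advisory or of mod_python: a scan of Apache access-log lines that flags request paths containing a segment beginning with "func_". The log format, the sample paths, and the choice to split the path on both "/" and "." are assumptions of the example.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Common/Combined Log Format: client, then the quoted request line, then status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+" '
    r'(?P<status>\d{3})'
)
# Assumption of this example: object names in the path may be separated by
# "/" or ".", so both are treated as segment boundaries.
SEGMENT_SPLIT = re.compile(r"[/.]")
PREFIX = "func_"


def func_segments(target):
    """Return the path segments of a request target that begin with 'func_'.

    Only the path is examined; a query parameter such as ?func_id=3 is an
    ordinary argument and is ignored. The path is percent-decoded once, so an
    encoded underscore (%5F) cannot hide the prefix from the match.
    """
    path = unquote(urlsplit(target).path)
    return [seg for seg in SEGMENT_SPLIT.split(path) if seg.startswith(PREFIX)]


def scan(lines):
    """Return (line_no, client, status, target, segments) for each flagged line."""
    hits = []
    for line_no, line in enumerate(lines, start=1):
        match = LOG_RE.match(line)
        if match is None:
            continue  # not an access-log request line
        segments = func_segments(match.group("target"))
        if segments:
            hits.append((line_no, match.group("client"),
                         int(match.group("status")),
                         match.group("target"), segments))
    return hits


def by_client(hits):
    """Group flagged request targets by client address for triage."""
    grouped = defaultdict(list)
    for _line_no, client, _status, target, _segments in hits:
        grouped[client].append(target)
    return dict(grouped)


# Constructed sample log lines (documentation addresses, made-up paths).
SAMPLE_LOG = [
    # 1: ordinary published function
    '192.0.2.10 - - [12/Feb/2005:10:01:02 +0000] "GET /app/index.py/hello HTTP/1.1" 200 512',
    # 2: a path segment beginning with func_
    '192.0.2.44 - - [12/Feb/2005:10:01:07 +0000] "GET /app/index.py/hello/func_xyz HTTP/1.1" 200 2048',
    # 3: same prefix, dotted form with a percent-encoded underscore
    '192.0.2.44 - - [12/Feb/2005:10:01:09 +0000] "GET /app/index.py/hello.func%5Fxyz HTTP/1.1" 200 2048',
    # 4: func_ appears only in the query string, which is not a path segment
    '192.0.2.10 - - [12/Feb/2005:10:02:30 +0000] "GET /app/report.py/show?func_id=3 HTTP/1.1" 200 731',
    # 5: a handler legitimately named func_report is flagged as well, which is
    #    how the workaround can hinder normal operation
    '198.51.100.7 - - [12/Feb/2005:10:03:11 +0000] "GET /app/index.py/func_report HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Line 5 of the sample is the case the advisory warns about: a prefix match cannot tell an application's own "func_"-named handler from an unintended object, so the scan is best used to review what a block would affect.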

Vendor Information


Apache

Updated:  February 21, 2005

Status

  Vulnerable

Vendor Statement

The Apache Software Foundation and The Apache HTTP Server Project are pleased
to announce the release of versions 3.1.4 and 2.7.11 of mod_python.

This release addresses a vulnerability in mod_python's publisher handler
whereby a carefully crafted URL would expose objects that should not be
visible, leading to an information leak. The Common Vulnerabilities and
Exposures project (http://cve.mitre.org/) has assigned the name CAN-2005-0088
to this issue.

Users of the publisher handler are urged to upgrade as soon as possible.

There are no other changes or improvements from the previous version in
this release.

At this point the new version is only available as a source code archive.
Users of mod_python on Win32 platform can update their installation by simply
replacing the publisher.py file with the latest version from the source code
archive.

Mod_python is available for download from:

http://httpd.apache.org/modules/python-download.cgi

For more information about mod_python visit
http://www.modpython.org/

Regards,

Grisha Trubetskoy

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Fedora Project

Updated:  February 21, 2005

Status

  Vulnerable

Vendor Statement

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-140
2005-02-10
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : mod_python
Version     : 3.1.3
Release     : 5.2
Summary     : An embedded Python interpreter for the Apache Web server.
Description :
Mod_python is a module that embeds the Python language interpreter within
the server, allowing Apache handlers to be written in Python.

Mod_python brings together the versatility of Python and the power of
the Apache Web server for a considerable boost in flexibility and
performance over the traditional CGI approach.

---------------------------------------------------------------------
Update Information:

Graham Dumpleton discovered a flaw affecting the publisher handler of
mod_python, used to make objects inside modules callable via URL.
A remote user could visit a carefully crafted URL that would gain access to
objects that should not be visible, leading to an information leak. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-0088 to this issue.

This update includes a patch which fixes this issue.

---------------------------------------------------------------------
* Mon Jan 31 2005 Joe Orton <jorton@redhat.com> 3.1.3-5.2

- add security fix for CVE CAN-2005-0088 (#146655)

---------------------------------------------------------------------
This update can be downloaded from:
 
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.


Gentoo Linux

Updated:  February 21, 2005

Status

  Vulnerable

Vendor Statement

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200502-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low
    Title: mod_python: Publisher Handler vulnerability
     Date: February 13, 2005
     Bugs: #80109
       ID: 200502-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

mod_python contains a vulnerability in the Publisher Handler
potentially leading to information disclosure.

Background
==========

mod_python is an Apache module that embeds the Python interpreter
within the server allowing Python-based web-applications to be created.

Affected packages
=================

   -------------------------------------------------------------------
    Package                /  Vulnerable  /                Unaffected
   -------------------------------------------------------------------
 1  dev-python/mod_python     < 3.1.3-r1                  >= 3.1.3-r1

Description
===========

Graham Dumpleton discovered a vulnerability in mod_python's Publisher
Handler.

Impact
======

By requesting a specially crafted URL for a published module page, an
attacker could obtain information about restricted variables.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All mod_python users should upgrade to the latest version:

   # emerge --sync
   # emerge --ask --oneshot --verbose ">=dev-python/mod_python-3.1.3-r1"

References
==========

 [ 1 ] CAN-2005-0088
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0088

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200502-14.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.


Red Hat Inc.

Notified:  February 11, 2005 Updated:  February 11, 2005

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Red Hat Security Advisory RHSA-2005:104-03 has details on updates and fixes.


Trustix Secure Linux

Updated:  February 21, 2005

Status

  Vulnerable

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2005-0003

Package name:      bind clamav cpio cups mod_python perl postgresql python
                  squid
Summary:           Security fixes
Date:              2005-02-11
Affected versions: Trustix Secure Linux 1.5
                  Trustix Secure Linux 2.1
                  Trustix Secure Linux 2.2
                  Trustix Operating System - Enterprise Server 2

- --------------------------------------------------------------------------
Package description:
 bind:
 BIND (Berkeley Internet Name Domain) is an implementation of the DNS
 (Domain Name System) protocols. BIND includes a DNS server (named),
 which resolves host names to IP addresses, and a resolver library
 (routines for applications to use when interfacing with DNS).  A DNS
 server allows clients to name resources or objects and share the
 information with other network machines.  The named DNS server can be
 used on workstations as a caching name server, but is generally only
 needed on one machine for an entire network.

 clamav:
 Clam AntiVirus is a GPL anti-virus toolkit for UNIX. The main purpose of this
 software is the integration with mail servers (attachment scanning).
 The package provides a flexible and scalable multi-threaded daemon,
 a command line scanner, and a tool for automatic updating via Internet.
 The programs are based on a shared library distributed with package,
 which you can use with your own software.
 Most importantly, the virus database is kept up to date.

 cpio:
 GNU cpio copies files into or out of a cpio or tar archive.  Archives
 are files which contain a collection of other files plus information
 about them, such as their file name, owner, timestamps, and access
 permissions.  The archive can be another file on the disk, a magnetic
 tape, or a pipe.  GNU cpio supports the following archive formats:  binary,
 old ASCII, new ASCII, crc, HPUX binary, HPUX old ASCII, old tar and POSIX.1
 tar.  By default, cpio creates binary format archives, so that they are
 compatible with older cpio programs.  When it is extracting files from
 archives, cpio automatically recognizes which kind of archive it is reading
 and can read archives created on machines with a different byte-order.

 cups:
 The Common UNIX Printing System provides a portable printing layer for
 UNIX(R) operating systems. It has been developed by Easy Software Products
 to promote a standard printing solution for all UNIX vendors and users.
 CUPS provides the System V and Berkeley command-line interfaces.
 
 mod_python:
 Mod_python is a module that embeds the Python language interpreter within
 the server, allowing Apache handlers to be written in Python.

 perl:
 Perl is a high-level programming language with roots in C, sed, awk
 and shell scripting.  Perl is good at handling processes and files,
 and is especially good at handling text.  Perl's hallmarks are
 practicality and efficiency.  While it is used to do a lot of
 different things, Perl's most common applications (and what it excels
 at) are probably system administration utilities and web programming.
 A large proportion of the CGI scripts on the web are written in Perl.
 You need the perl package installed on your system so that your
 system can handle Perl scripts.
 
 postgresql:
 PostgreSQL is an advanced Object-Relational database management system
 (DBMS) that supports almost all SQL constructs (including
 transactions, subselects and user-defined types and functions). The
 postgresql package includes the client programs and libraries that
 you'll need to access a PostgreSQL DBMS server.  These PostgreSQL
 client programs are programs that directly manipulate the internal
 structure of PostgreSQL databases on a PostgreSQL server. These client
 programs can be located on the same machine with the PostgreSQL
 server, or may be on a remote machine which accesses a PostgreSQL
 server over a network connection. This package contains the docs
 in HTML for the whole package, as well as command-line utilities for
 managing PostgreSQL databases on a PostgreSQL server.

 python:
 Python is an interpreted, interactive, object-oriented programming
 language often compared to Tcl, Perl, Scheme or Java. Python includes
 modules, classes, exceptions, very high level dynamic data types and
 dynamic typing. Python supports interfaces to many system calls and
 libraries.

 squid:
 Squid is a high-performance proxy caching server for Web clients,
 supporting FTP, gopher, and HTTP data objects. Unlike traditional
 caching software, Squid handles all requests in a single,
 non-blocking, I/O-driven process. Squid keeps meta data and especially
 hot objects cached in RAM, caches DNS lookups, supports non-blocking
 DNS lookups, and implements negative caching of failed requests.


Problem description:
 bind:
 A bug in the dnssec validator can result in an internal consistency check
 failing and thus causing the named to exit abnormally.

 The Common Vulnerabilities and Exposures project (cve.mitre.org) has
 assigned the name CAN-2005-0034 to this issue.


 clamav:
 An attacker can crash the ClamAV daemon by sending a specially
 crafted ZIP file and thus causing a DoS.

 The Common Vulnerabilities and Exposures project (cve.mitre.org) has
 assigned the name CAN-2005-0133 to this issue.


 cpio:
 cpio reset the umask to 0 when writing files with the -O flag.
 This left the files both readable and writeable by all.

 The Common Vulnerabilities and Exposures project (cve.mitre.org) has
 assigned the name CAN-1999-1572 to this issue.


 cups:
 A buffer overflow was found in the Decrypt::makeFileKey2 function
 in Decrypt.cc for xpdf 3.00 and earlier allowed remote attackers
 to execute arbitrary code via a PDF file.

 xpdf is not part of TSL, but a number of projects have reused this
 code.  Of those, cups is included in TSL.

 The Common Vulnerabilities and Exposures project (cve.mitre.org) has
 assigned the name CAN-2005-0064 to this issue.


 mod_python:
 Graham Dumpleton discovered a flaw affecting the publisher handler of
 mod_python, used to make objects inside modules callable via URL.
 A remote user could visit a carefully crafted URL that would gain access to
 objects that should not be visible, leading to an information leak.

 The Common Vulnerabilities and Exposures project (cve.mitre.org) has
 assigned the name CAN-2005-0088 to this issue.


 perl:
 When executing a setuid-root perl, the file pointed to by the
 PERLIO_DEBUG environment variable would be overwritten.  This has now
 been fixed by ignoring PERLIO_DEBUG for setuid perl scripts.

 The Common Vulnerabilities and Exposures project (cve.mitre.org) has
 assigned the name CAN-2005-0155 to this issue.


 Executing a setuid root perl script with a very long path caused a
 buffer overflow if the PERLIO_DEBUG environment variable was set.
 This bug could be exploited to gain root privileges.

 The Common Vulnerabilities and Exposures project (cve.mitre.org) has
 assigned the name CAN-2005-0156 to this issue.


 postgresql:
 New upstream.  Fixes local privilege escalation discovered by John Heasman.
 Any user could use the LOAD extension to load any shared library into
 the server.

 This could be used to execute commands as the postgresql user.


 python:
 From the Python advisory:
 The Python development team has discovered a flaw in the
 SimpleXMLRPCServer library module which can give remote attackers
 access to internals of the registered object or its module or possibly
 other modules. The flaw only affects Python XML-RPC servers that use
 the register_instance() method to register an object without a
 _dispatch() method. Servers using only register_function() are not
 affected.

 On vulnerable XML-RPC servers, a remote attacker may be able to view
 or modify globals of the module(s) containing the registered instance's
 class(es), potentially leading to data loss or arbitrary code execution.
 If the registered object is a module, the danger is particularly serious.
 For example, if the registered module imports the os module, an attacker
 could invoke the os.system() function.
 
 The Common Vulnerabilities and Exposures project (cve.mitre.org) has
 assigned the name CAN-2005-0089 to this issue.


 squid:
 A buffer overflow in the Gopher responses parser can be exploited
 remotely in a denial of service attack.

 The Common Vulnerabilities and Exposures project (cve.mitre.org) has
 assigned the name CAN-2005-0094 to this issue.


 An integer overflow in the receiver of Web Cache Communication Protocol
 messages can be exploited remotely in a denial of service attack.

 The Common Vulnerabilities and Exposures project (cve.mitre.org) has
 assigned the name CAN-2005-0095 to this issue.


 A memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7
 and can be exploited remotely in a denial of service attack.

 The Common Vulnerabilities and Exposures project (cve.mitre.org) has
 assigned the name CAN-2005-0096 to this issue.


 Sending a malformed NTLM message to Squid 2.5.STABLE7 and earlier
 can cause a remote denial of service attack.

 The Common Vulnerabilities and Exposures project (cve.mitre.org) has
 assigned the name CAN-2005-0097 to this issue.


Action:
 We recommend that all systems with this package installed be upgraded.
 Please note that if you do not need the functionality provided by this
 package, you may want to remove it from your system.


Location:
 All Trustix Secure Linux updates are available from
 <URI:http://http.trustix.org/pub/trustix/updates/>
 <URI:ftp://ftp.trustix.org/pub/trustix/updates/>


About Trustix Secure Linux:
 Trustix Secure Linux is a small Linux distribution for servers. With focus
 on security and stability, the system is painlessly kept safe and up to
 date from day one using swup, the automated software updater.


Automatic updates:
 Users of the SWUP tool can enjoy having updates automatically
 installed using 'swup --upgrade'.


Questions?
 Check out our mailing lists:
 <URI:http://www.trustix.org/support/>


Verification:
 This advisory along with all Trustix packages are signed with the
 TSL sign key.
 This key is available from:
 <URI:http://www.trustix.org/TSL-SIGN-KEY>

 The advisory itself is available from the errata pages at
 <URI:http://www.trustix.org/errata/trustix-1.5/>,
 <URI:http://www.trustix.org/errata/trustix-2.1/> and
 <URI:http://www.trustix.org/errata/trustix-2.2/>
 or directly at
 <URI:http://www.trustix.org/errata/2005/0003/>


MD5sums of the packages:
- --------------------------------------------------------------------------


Trustix Security Team

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.


Ubuntu Linux

Updated:  February 21, 2005

Status

  Vulnerable

Vendor Statement

===========================================================
Ubuntu Security Notice USN-80-1  February 11, 2005
libapache2-mod-python vulnerabilities
CAN-2005-0088
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

libapache2-mod-python2.2
libapache2-mod-python2.3

The problem can be corrected by upgrading the affected package to
version 3.1.3-1ubuntu3.2.  After a standard system upgrade you need to
restart the Apache 2 web server using

  sudo /etc/init.d/apache2 restart

to effect the necessary changes.

Details follow:

Graham Dumpleton discovered an information disclosure in the
"publisher" handle of mod_python. By requesting a carefully crafted
URL for a published module page, anybody can obtain extra information
about internal variables, objects, and other information which is not
intended to be visible.


Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.



CVSS Metrics

Group          Score  Vector
Base           N/A    N/A
Temporal       N/A    N/A
Environmental  N/A


Acknowledgements

Thanks to Graham Dumpleton and RedHat for reporting this vulnerability.

This document was written by Ken MacInnis.

Other Information

CVE IDs: CVE-2005-0088
Severity Metric: 1.26
Date Public: 2005-02-11
Date First Published: 2005-02-21
Date Last Updated: 2005-07-06 18:12 UTC
Document Revision: 14

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.