Updated: February 02, 2004
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The Apache Software Foundation has released versions 1.3.29 and 2.0.48 of the Apache httpd server in response to this issue. These patched versions of the software are available at:
Updated: February 02, 2004
Affected
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CONECTIVA LINUX SECURITY ANNOUNCEMENT PACKAGE : apache SUMMARY : Fix for some vulnerabilities DATE : 2003-11-05 19:18:00 ID : CLA-2003:775 RELEVANT RELEASES : 7.0, 8, 9 DESCRIPTION Apache[1] is the most popular webserver in use today. New versions of the Apache web server have been made available[2][3] with the following security fixes: 1. Buffer overflow in mod_alias and mod_rewrite (CAN-2003-0542) [4] A buffer overflow could occur in mod_alias and mod_rewrite when a regular expression with more than 9 captures is configured. Users who can create or modify configuration files (httpd.conf or .htaccess, for example) could trigger this. This vulnerability affects Apache 1.3.x and Apache 2.0.x. 2. mod_cgid mishandling of CGI redirect paths (CAN-2003-0789) [5] mod_cgid mishandling of CGI redirect paths could result in CGI output going to the wrong client when a threaded MPM is used. The packages provided with Conectiva Linux 9 are not vulnerable to this issue because they are not compiled with that MPM, but the fix has been included because new packages for Conectiva Linux 9 were already being built for the suexec problem (see below). In addition to the above security fixes, "suexec" has been correctly built in the Conectiva Linux 9 packages, fixing[6] the problem where CGI scripts could not be run from the user's home directory. SOLUTION It is recommended that all Apache users upgrade their packages. IMPORTANT: it is necessary to manually restart the httpd server after upgrading the packages. In order to do this, execute the following as root: service httpd stop (wait a few seconds and check with "pidof httpd" if there are any httpd processes running. On a busy webserver this could take a little longer) service httpd start REFERENCES 1. http://apache.httpd.org/ 2. http://www.apache.org/dist/httpd/Announcement2.html 3. http://www.apache.org/dist/httpd/Announcement.html 4. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542 5. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0789 6. http://bugzilla.conectiva.com.br/show_bug.cgi?id=8754 (pt_BR only) UPDATED PACKAGES ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/apache-1.3.28-1U70_2cl.src.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/apache-1.3.28-1U70_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/apache-devel-1.3.28-1U70_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/apache-doc-1.3.28-1U70_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/SRPMS/apache-1.3.28-1U80_2cl.src.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/apache-1.3.28-1U80_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/apache-devel-1.3.28-1U80_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/apache-doc-1.3.28-1U80_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/SRPMS/apache-2.0.45-28790U90_5cl.src.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-2.0.45-28790U90_5cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-devel-2.0.45-28790U90_5cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-doc-2.0.45-28790U90_5cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-htpasswd-2.0.45-28790U90_5cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr-devel-2.0.45-28790U90_5cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr-devel-static-2.0.45-28790U90_5cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr0-2.0.45-28790U90_5cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/mod_auth_ldap-2.0.45-28790U90_5cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/mod_dav-2.0.45-28790U90_5cl.i386.rpm ADDITIONAL INSTRUCTIONS The apt tool can be used to perform RPM packages upgrades: - run: apt-get update - after that, execute: apt-get upgrade Detailed instructions reagarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at http://distro.conectiva.com.br/seguranca/chave/?idioma=en Instructions on how to check the signatures of the RPM packages can be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en All our advisories and generic update instructions can be viewed at http://distro.conectiva.com.br/atualizacoes/?idioma=en Copyright (c) 2003 Conectiva Inc. http://www.conectiva.com subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE/qWk/42jd0JmAcZARAkF2AJsGfA3n7v7l8f4A8ik+Ao6uqB9NYACfZnQ4 qf3SjmMxGkqRYyXuBBragEE= =zsxK -----END PGP SIGNATURE-----
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: February 02, 2004
Affected
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 GENTOO LINUX SECURITY ANNOUNCEMENT 200310-03 PACKAGE : net-www/apache
SUMMARY : buffer overflow
DATE : Tue Oct 28 16:43:46 UTC 2003
EXPLOIT : local
VERSIONS AFFECTED :
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: February 02, 2004
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Guardian Digital, Inc. has published Guardian Digital Security Advisory ESA-20031105-030 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.
Updated: March 08, 2004
Affected
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 **REVISED 01**
Source: HEWLETT-PACKARD COMPANY
SECURITY BULLETIN: HPSBUX0311-301
Originally issued: 18 November 2003
Last revised: 19 November 2003
SSRT3663 Apache HTTP Server mod_cgid, mod_alias, mod_rewrite NOTICE: There are no restrictions for distribution of this
Bulletin provided that it remains complete and intact. The information in the following Security Bulletin should be
acted upon as soon as possible. Hewlett-Packard Company will
not be liable for any consequences to any customer resulting
from customer's failure to fully implement instructions in this
Security Bulletin as soon as possible. PROBLEM: 1. mod_cgid mishandling of CGI redirect paths could
result in CGI output going to the wrong client when a
threaded MPM is used. More details are available at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0789 2. A buffer overflow could occur in mod_alias and
mod_rewrite when a regular expression with more than
9 captures is configured. More details are available at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542 IMPACT: Potential Denial of Service or execute arbitrary code. PLATFORM: HP9000 Servers running HP-UX release B.11.00, B.11.11,
B.11.20, B.11.22, and B.11.23 with versions of the
following products are affected, and represented as: product-name, version (product-tag/bundle-tag) product-name, version (product-tag/bundle-tag) - hp apache-based web server, 2.0.43.04
or earlier (HPApache/B9416AA)
This product includes Apache 2.0.43. - hp-ux apache-based web server, v.1.0.09.01
or earlier (hpuxwsAPACHE/hpuxwsApache)
This product includes Apache 2.0.47. - hp apache-based web server (with IPv6 support),
2.0.43.04 or earlier (HPApache/B9416BA)
This product includes Apache 2.0.43. - hp-ux apache-based web server(with IPv6 support),
v.1.0.09.01 or earlier (hpuxwsAPACHE/hpuxwsApache)
This product includes Apache 2.0.47. SOLUTION: For HP-UX releases B.11.00, B.11.11, B.11.20, B.11.22
and B.11.23 download new HP Apache product from
http://www.software.hp.com/: For HPApache/B9416AA, HPApache/B9416BA and
hpuxwsAPACHE/hpuxwsApache download the following: - hp-ux apache-based web server (with IPv4)
v.1.0.10.01 or later (hpuxwsAPACHE/hpuxwsApache)
This product includes Apache 2.0.48. http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/
cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE - hp-ux apache-based web server(with IPv6 support),
v.1.0.10.01 or later (hpuxwsAPACHE/hpuxwsApache)
This product includes Apache 2.0.48. http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/
cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE MANUAL ACTIONS: Yes - Non-Update
Install the product containing the fix. For customers with HPApache/B9416AA
HPApache/B9416BA installed, the fix requires
migration to hpuxwsAPACHE/hpuxwsApache and
removing the affected products from the system. AVAILABILITY: Complete product bundles are available now on
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: February 02, 2004
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
MandrakeSoft has published MandrakeSoft Security Advisory MDKSA-2003:103 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.
Updated: February 02, 2004
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The OpenPKG development team has published OpenPKG Security Advisory OpenPKG-SA-2003.046 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.
Updated: February 02, 2004
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Red Hat, Inc. has published the following Red Hat Security Advisories in response to this issue: RHSA-2003:320 RHSA-2003:360 RHSA-2003:405 RHSA-2004:015 Users are encouraged to review the information provided in these advisories and apply the patches they refer to.
Updated: March 08, 2004
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The SCO Group has published SCO Security Advisory CSSA-2003-SCO.28 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.
Updated: February 02, 2004
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
SGI has published SGI Advanced Linux Environment security update #7 in response to this issue. Users are encouraged to review this bulletin and apply the patches it refers to.
Updated: February 02, 2004
Affected
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] apache security update (SSA:2003-308-01) Apache httpd is a hypertext transfer protocol server, and is used by over two thirds of the Internet's web sites. Upgraded Apache packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix local vulnerabilities that could allow users who can create or edit Apache config files to gain additional privileges. Sites running Apache should upgrade to the new packages. In addition, new mod_ssl packages have been prepared for all platforms, and new PHP packages have been prepared for Slackware 8.1, 9.0, and - -current (9.1 already uses PHP 4.3.3). In -current, these packages also move the Apache module directory from /usr/libexec to /usr/libexec/apache. Links for all of these related packages are provided below. More details about the Apache issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542 Here are the details from the Slackware 9.1 ChangeLog: Mon Nov 3 20:06:29 PST 2003 patches/packages/apache-1.3.29-i486-1.tgz: Upgraded to apache-1.3.29. This fixes the following local security issue: o CAN-2003-0542 (cve.mitre.org) Fix buffer overflows in mod_alias and mod_rewrite which occurred if one configured a regular expression with more than 9 captures. This vulnerability requires the attacker to create or modify certain Apache configuration files, and is not a remote hole. However, it could possibly be used to gain additional privileges if access to the Apache administrator account can be gained through some other means. All sites running Apache should upgrade. (* Security fix *) WHERE TO FIND THE NEW PACKAGES: Updated packages for Slackware 8.1: ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/apache-1.3.29-i386-1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/mod_ssl-2.8.16_1.3.29-i386-1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/php-4.3.3-i386-1.tgz Updated packages for Slackware 9.0: ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/apache-1.3.29-i386-1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/mod_ssl-2.8.16_1.3.29-i386-1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/php-4.3.3-i386-1.tgz Updated packages for Slackware 9.1: ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/apache-1.3.29-i486-1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/mod_ssl-2.8.16_1.3.29-i486-1.tgz Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/apache-1.3.29-i486-1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/mod_ssl-2.8.16_1.3.29-i486-1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-4.3.3-i486-3.tgz MD5 SIGNATURES: Slackware 8.1 packages: 1a8190a214c052f0707bd5a6b005a7cd apache-1.3.29-i386-1.tgz eb74afbc99295c01d418b576e92e83bb mod_ssl-2.8.16_1.3.29-i386-1.tgz b41a44c3ce2a3a09873b5d0930faf4c1 php-4.3.3-i386-1.tgz Slackware 9.0 packages: bb34ae622245f57bdca747ac5d8f73cf apache-1.3.29-i386-1.tgz c84af5778a5667a06a60a274f2fe1edb mod_ssl-2.8.16_1.3.29-i386-1.tgz 7660e36f2cfb30cc339734369cca7719 php-4.3.3-i386-1.tgz Slackware 9.1 packages: 9b494bb3f03cb4a4cb8c28f4fcc76666 apache-1.3.29-i486-1.tgz 938412e01daf55fee37293a5790d907f mod_ssl-2.8.16_1.3.29-i486-1.tgz Slackware -current packages: 091c22d398c51fee820dd0d0b7d514e3 apache-1.3.29-i486-1.tgz cd260439c9f1373329ba2224ace0451d mod_ssl-2.8.16_1.3.29-i486-1.tgz cc90540cc07e840e5a0513ffbb308102 php-4.3.3-i486-3.tgz INSTALLATION INSTRUCTIONS: First, stop apache: # apachectl stop Next, upgrade these packages as root: # upgradepkg apache-1.3.29-i486-1.tgz # upgradepkg mod_ssl-2.8.16_1.3.29-i486-1.tgz # upgradepkg php-4.3.3-i486-3.tgz Finally, restart apache: # apachectl start Or, if you're running a secure server with mod_ssl: # apachectl startssl Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com | HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: | | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | unsubscribe slackware-security | | You will get a confirmation message back. Follow the instructions to | | complete the unsubscription. Do not reply to this message to | | unsubscribe! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/qEKrakRjwEAQIjMRArvcAKCMB2tJJVmHitflS/Rc0yG9kksiPACeP0Dd 7HXUeO3O/cg1yufkh2Zvrqg= =YQdI -----END PGP SIGNATURE-----
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: March 08, 2004
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Sun Microsystems, Inc. has published Sun Security Alert #57496 in response to this issue. Users are encouraged to review this alert and apply the patches it refers to.
Updated: February 02, 2004
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The Trustix development team has published Trustix Secure Linux Security Advisory #2003-0041 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.