LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: November 21st, 2014
Linux Security Week: November 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: 'libapache-mod-ssl' Buffer overflow / DoS Print E-mail
User Rating:      How can I rate this item?
Posted by LinuxSecurity.com Team   
Debian Recently, a problem has been found in the handling of .htaccess files,allowing arbitrary code execution as the web server user (regardless ofExecCGI / suexec settings), DoS attacks (killing off apache children), andallowing someone to take control of apache child processes - all troughspecially crafted .htaccess files.

------------------------------------------------------------------------
Debian Security Advisory DSA-135-1                   security@debian.org 
http://www.debian.org/security/ Robert van der Meulen
July  2, 2002
------------------------------------------------------------------------


Package        : libapache-mod-ssl
Problem type   : buffer overflow / DoS
Debian-specific: no

The libapache-mod-ssl package provides SSL capability to the apache
webserver.
Recently, a problem has been found in the handling of .htaccess files,
allowing arbitrary code execution as the web server user (regardless of
ExecCGI / suexec settings), DoS attacks (killing off apache children), and
allowing someone to take control of apache child processes - all trough
specially crafted .htaccess files.
More information about this vulnerability can be found at
 
http://online.securityfocus.com/bid/5084

This has been fixed in the libapache-mod-ssl_2.4.10-1.3.9-1potato2 package
(for potato), and the libapache-mod-ssl_2.8.9-2 package (for woody) .
We recommend you upgrade as soon as possible.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.2 alias potato
---------------------------------

  Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
  Packages for m68k are not available at this moment.

  Source archives:

     http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato2.dsc
MD5 checksum:	5b2cb207ba8214f52ffbc28836dd8dc4
     http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato2.diff.gz
MD5 checksum:	29eef2b3307f00d92eb425ac669dabec
     http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9.orig.tar.gz
MD5 checksum:	cb0f2e07065438396f0d5df403dd2c16

  Architecture independent packages:

     http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl-doc_2.4.10-1.3.9-1potato2_all.deb
MD5 checksum:	ebd8154f614e646b3a12980c8db606b6

  alpha architecture (DEC Alpha)

     http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato2_alpha.deb
MD5 checksum:	a3d73598e692b9c0bb945a52a00a363c

  arm architecture (ARM)
     http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato2_arm.deb
MD5 checksum:	11e1085504430cacadd0255a0743b80a

  i386 architecture (Intel ia32)
     http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato2_i386.deb
MD5 checksum:	a1fd7d6a7ef3506ee0f94e56735d3d08

  powerpc architecture (PowerPC)
     http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato2_powerpc.deb
MD5 checksum:	0f01742c2a77f2728baea4e1e9ad7ff0

  sparc architecture (Sun SPARC/UltraSPARC)
     http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato2_sparc.deb
MD5 checksum:	4982a209adc93acbf50a650a3569d217

  These packages will be moved into the stable distribution on its next
  revision.

Debian GNU/Linux 3.0 alias woody
--------------------------------

  Woody will be released for alpha, arm, hppa, i386, ia64, m68k, mips,
  mipsel, powerpc, s390 and sparc.
  Packages for ia64 and hppa are not available for the moment.

  Source archives:

     http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.dsc
MD5 checksum:	7cce5c97bd3cf35c8782d54a25138165
     http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.diff.gz
MD5 checksum:	fc9f20e6d3bece6f0d3bad067c61d56a

  Architecture independent packages:
     http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl-doc_2.8.9-2_all.deb
MD5 checksum:	541257e99c523141625f5fc43fb3dec4

  alpha architecture (DEC Alpha)
     http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2_alpha.deb
MD5 checksum:	712e406d8be713047f3e46bbf58269a5

  arm architecture (ARM)
     http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2_arm.deb
MD5 checksum:	8ce3d4d45f45423a6c6b7d795c319d33

  i386 architecture (intel ia32)
     http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2_i386.deb
MD5 checksum:	06733dc49c228230e5713f34eae7f8b0

  m68k architecture
     http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2_m68k.deb
MD5 checksum: 	e5a8518aac6d08bb5e9cc50195d336e3

  mips architecture
     http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2_mips.deb
MD5 checksum:	dde883d6ee72f3b29fc324d9cb497670

  mipsel architecture
     http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2_mipsel.deb
MD5 checksum:	a80756857248358c7973a5b0fb9372e2

  powerpc architecture (PowerPC)
     http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2_powerpc.deb
MD5 checksum:	715876a54ddddf1e17e4c2ec9d2f5eea

  s390 architecture (S390)
     http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2_s390.deb
MD5 checksum:	1a31f564ceba0ca82d9892d023caffd0

--
----------------------------------------------------------------------------
apt-get: deb  http://security.debian.org/ stable/updates main
dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org



 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.