LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: July 25th, 2014
Linux Advisory Watch: July 18th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandrake: apache Buffer overflow vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by LinuxSecurity.com Team   
Mandrake A buffer overflow in mod_alias and mod_rewrite was discovered in Apache versions 1.3.19 and earlier as well as Apache 2.0.47 and earlier.

 _______________________________________________________________________

                Mandrake Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           apache
 Advisory ID:            MDKSA-2003:103
 Date:                   November 3rd, 2003

 Affected versions:	 9.0, 9.1, 9.2, Corporate Server 2.1,
			 Multi Network Firewall 8.2
 ______________________________________________________________________

 Problem Description:

 A buffer overflow in mod_alias and mod_rewrite was discovered in Apache
 versions 1.3.19 and earlier as well as Apache 2.0.47 and earlier.  This
 happens when a regular expression with more than 9 captures is
 confined.  An attacker would have to create a carefully crafted
 configuration file (.htaccess or httpd.conf) in order to exploit these
 problems.
 
 As well, another buffer overflow in Apache 2.0.47 and earlier in
 mod_cgid's mishandling of CGI redirect paths could result in CGI output
 going to the wrong client when a threaded MPM is used.
 
 Apache version 2.0.48 and 1.3.29 were released upstream to correct
 these bugs; backported patches have been applied to the provided
 packages.
 _______________________________________________________________________

 References:

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0789
   http://www.apache.org/dist/httpd/Announcement.html
   http://www.apache.org/dist/httpd/Announcement2.html
 ______________________________________________________________________

 Updated Packages:
  
 Corporate Server 2.1:
 02895e0914bc1a0885000cef805f7759  corporate/2.1/RPMS/apache-1.3.26-6.3.90mdk.i586.rpm
 ee997dd297049bc75878a5de8904c965  corporate/2.1/RPMS/apache-common-1.3.26-6.3.90mdk.i586.rpm
 63806c79f65ee1a1830caa41b0cf3784  corporate/2.1/RPMS/apache-devel-1.3.26-6.3.90mdk.i586.rpm
 68f2aca22d84d56b234aaaa2e348d2aa  corporate/2.1/RPMS/apache-manual-1.3.26-6.3.90mdk.i586.rpm
 ed0d46c1a861a09dbe36b5ccdb02754d  corporate/2.1/RPMS/apache-modules-1.3.26-6.3.90mdk.i586.rpm
 8788c3001078f32e975941aa7a556cd1  corporate/2.1/RPMS/apache-source-1.3.26-6.3.90mdk.i586.rpm
 ed87d94ec5aeb007d98717e7d1a3d314  corporate/2.1/SRPMS/apache-1.3.26-6.3.90mdk.src.rpm

 Corporate Server 2.1/x86_64:
 91700397109a221089871e610ee438f3  x86_64/corporate/2.1/RPMS/apache-1.3.26-6.3.90mdk.x86_64.rpm
 8e63504cfe91f209653401569c059042  x86_64/corporate/2.1/RPMS/apache-common-1.3.26-6.3.90mdk.x86_64.rpm
 c71ee8d0d00d504beaa1bd3259152d28  x86_64/corporate/2.1/RPMS/apache-devel-1.3.26-6.3.90mdk.x86_64.rpm
 931135aefb6bc1214ba40621d9172ac1  x86_64/corporate/2.1/RPMS/apache-manual-1.3.26-6.3.90mdk.x86_64.rpm
 d46a618a36786f7eec1d5f494e794bda  x86_64/corporate/2.1/RPMS/apache-modules-1.3.26-6.3.90mdk.x86_64.rpm
 3b08e1dcfc7ef233dbd3ce9c6fff41d1  x86_64/corporate/2.1/RPMS/apache-source-1.3.26-6.3.90mdk.x86_64.rpm
 ed87d94ec5aeb007d98717e7d1a3d314  x86_64/corporate/2.1/SRPMS/apache-1.3.26-6.3.90mdk.src.rpm

 Mandrake Linux 9.0:
 02895e0914bc1a0885000cef805f7759  9.0/RPMS/apache-1.3.26-6.3.90mdk.i586.rpm
 ee997dd297049bc75878a5de8904c965  9.0/RPMS/apache-common-1.3.26-6.3.90mdk.i586.rpm
 63806c79f65ee1a1830caa41b0cf3784  9.0/RPMS/apache-devel-1.3.26-6.3.90mdk.i586.rpm
 68f2aca22d84d56b234aaaa2e348d2aa  9.0/RPMS/apache-manual-1.3.26-6.3.90mdk.i586.rpm
 ed0d46c1a861a09dbe36b5ccdb02754d  9.0/RPMS/apache-modules-1.3.26-6.3.90mdk.i586.rpm
 8788c3001078f32e975941aa7a556cd1  9.0/RPMS/apache-source-1.3.26-6.3.90mdk.i586.rpm
 ed87d94ec5aeb007d98717e7d1a3d314  9.0/SRPMS/apache-1.3.26-6.3.90mdk.src.rpm

 Mandrake Linux 9.1:
 3a24d35dcd08d4c82ccd6fac204047bc  9.1/RPMS/apache-1.3.27-8.1.91mdk.i586.rpm
 61cde3633d0866c6f03e29565ea56360  9.1/RPMS/apache-devel-1.3.27-8.1.91mdk.i586.rpm
 e58a9378cff2e24bcbfe6c56d08f2505  9.1/RPMS/apache-modules-1.3.27-8.1.91mdk.i586.rpm
 4b47d0bc773d59a17d5a40f627569707  9.1/RPMS/apache-source-1.3.27-8.1.91mdk.i586.rpm
 c780a92fd6dbb3cdd0d52049c534778f  9.1/RPMS/apache2-2.0.47-1.6.91mdk.i586.rpm
 41e7366c6dfa0331ed48027e3a2dd881  9.1/RPMS/apache2-common-2.0.47-1.6.91mdk.i586.rpm
 230d990186ca121121bbc4e1720afb3d  9.1/RPMS/apache2-devel-2.0.47-1.6.91mdk.i586.rpm
 36894b37c5eb5dfa628f6a2fe3de5580  9.1/RPMS/apache2-manual-2.0.47-1.6.91mdk.i586.rpm
 76e8293d061a84d9413453e1d6c282b6  9.1/RPMS/apache2-mod_dav-2.0.47-1.6.91mdk.i586.rpm
 bb106f0ebd893e4547ef3f0a6d1572f9  9.1/RPMS/apache2-mod_ldap-2.0.47-1.6.91mdk.i586.rpm
 17003f2c15c2379275caf21fe097c7a9  9.1/RPMS/apache2-mod_ssl-2.0.47-1.6.91mdk.i586.rpm
 d595f9e2c94b646869087a15e8138a44  9.1/RPMS/apache2-modules-2.0.47-1.6.91mdk.i586.rpm
 b119835d0d18b01613e7977f4daa7a38  9.1/RPMS/apache2-source-2.0.47-1.6.91mdk.i586.rpm
 7c3b7fc1bed6ed59b8a328d8ac3b3056  9.1/RPMS/libapr0-2.0.47-1.6.91mdk.i586.rpm
 a187d7819937e82deea23da621f38ee5  9.1/SRPMS/apache-1.3.27-8.1.91mdk.src.rpm
 31a46639efb035b67ea3b70f91815d9b  9.1/SRPMS/apache2-2.0.47-1.6.91mdk.src.rpm

 Mandrake Linux 9.1/PPC:
 6cf015976106eaaa8bdbfb46501c5339  ppc/9.1/RPMS/apache-1.3.27-8.1.91mdk.ppc.rpm
 41f85b24716c140bdd5f041200d6f68c  ppc/9.1/RPMS/apache-devel-1.3.27-8.1.91mdk.ppc.rpm
 12ea7768f27c739f433f8cd856e8f3ed  ppc/9.1/RPMS/apache-modules-1.3.27-8.1.91mdk.ppc.rpm
 8ddfdeb72fe3058ae83076ad00b184c4  ppc/9.1/RPMS/apache-source-1.3.27-8.1.91mdk.ppc.rpm
 7ecb812bb84877964bd0244527042b7c  ppc/9.1/RPMS/apache2-2.0.47-1.6.91mdk.ppc.rpm
 df9dbdcaf995332bc2950f3b64e0b5cd  ppc/9.1/RPMS/apache2-common-2.0.47-1.6.91mdk.ppc.rpm
 7efb7e7271527bef25ac76c017cf940f  ppc/9.1/RPMS/apache2-devel-2.0.47-1.6.91mdk.ppc.rpm
 46e0066408b8c9c2f537315b9d7de495  ppc/9.1/RPMS/apache2-manual-2.0.47-1.6.91mdk.ppc.rpm
 832793eba23c7f55544ade7478d66971  ppc/9.1/RPMS/apache2-mod_dav-2.0.47-1.6.91mdk.ppc.rpm
 1338474c76c753216f024f6df189a369  ppc/9.1/RPMS/apache2-mod_ldap-2.0.47-1.6.91mdk.ppc.rpm
 2f1fc4f54067d4ed4e13a24de93ac2b2  ppc/9.1/RPMS/apache2-mod_ssl-2.0.47-1.6.91mdk.ppc.rpm
 c9e89384dced046092fb96e3f4c71cd3  ppc/9.1/RPMS/apache2-modules-2.0.47-1.6.91mdk.ppc.rpm
 893a388ffd122c25b021ccaedcaf3bc8  ppc/9.1/RPMS/apache2-source-2.0.47-1.6.91mdk.ppc.rpm
 8797a894c157099d8fa59e0ee6a09725  ppc/9.1/RPMS/libapr0-2.0.47-1.6.91mdk.ppc.rpm
 a187d7819937e82deea23da621f38ee5  ppc/9.1/SRPMS/apache-1.3.27-8.1.91mdk.src.rpm
 31a46639efb035b67ea3b70f91815d9b  ppc/9.1/SRPMS/apache2-2.0.47-1.6.91mdk.src.rpm

 Mandrake Linux 9.2:
 87b439a1ea3c7a53ae6bd65b8de8823d  9.2/RPMS/apache-1.3.28-3.1.92mdk.i586.rpm
 a7dd2cfc0f24e74285756df47b8b2560  9.2/RPMS/apache-devel-1.3.28-3.1.92mdk.i586.rpm
 e9396a1d140c37ed3c54c9fc8946b075  9.2/RPMS/apache-modules-1.3.28-3.1.92mdk.i586.rpm
 59f841c1809a057b7db9809f98902e2a  9.2/RPMS/apache-source-1.3.28-3.1.92mdk.i586.rpm
 67ea76c94fd96d4b58902f347e7424a4  9.2/RPMS/apache2-2.0.47-6.3.92mdk.i586.rpm
 57972c71c8489d0a3c9a68185031b879  9.2/RPMS/apache2-common-2.0.47-6.3.92mdk.i586.rpm
 3f3fb3d57b63cc56df9d6c7318a7cac5  9.2/RPMS/apache2-devel-2.0.47-6.3.92mdk.i586.rpm
 cea519816faccd534f542965fbbf9d15  9.2/RPMS/apache2-manual-2.0.47-6.3.92mdk.i586.rpm
 8d591555255d4348900fcd1bbc74061e  9.2/RPMS/apache2-mod_cache-2.0.47-6.3.92mdk.i586.rpm
 0e1fbe572782f546b44054a0265ea06e  9.2/RPMS/apache2-mod_dav-2.0.47-6.3.92mdk.i586.rpm
 3421ea0f95a7d897d9d339bf6e3aae33  9.2/RPMS/apache2-mod_deflate-2.0.47-6.3.92mdk.i586.rpm
 46bec7aa9274f16aa9768aa6ffec0cb5  9.2/RPMS/apache2-mod_disk_cache-2.0.47-6.3.92mdk.i586.rpm
 d343b2d6a22f52a2ff5dd2844005c0f2  9.2/RPMS/apache2-mod_file_cache-2.0.47-6.3.92mdk.i586.rpm
 8f6b81b7933f766fc979254f4ce3b83c  9.2/RPMS/apache2-mod_ldap-2.0.47-6.3.92mdk.i586.rpm
 fedeaeb50040b8292f5b4da2cb27fc4e  9.2/RPMS/apache2-mod_mem_cache-2.0.47-6.3.92mdk.i586.rpm
 63774164ba26208b71a2a7a5f5136550  9.2/RPMS/apache2-mod_proxy-2.0.47-6.3.92mdk.i586.rpm
 0399f23f2c87e07d18bb98617c79f24c  9.2/RPMS/apache2-mod_ssl-2.0.47-6.3.92mdk.i586.rpm
 36e47d1f2ba0a23d6c1055fe6f606134  9.2/RPMS/apache2-modules-2.0.47-6.3.92mdk.i586.rpm
 1af39eba2fff3635a323dfec02a333fb  9.2/RPMS/apache2-source-2.0.47-6.3.92mdk.i586.rpm
 4b7d2788a521162aa67237db2dbc0c3d  9.2/RPMS/libapr0-2.0.47-6.3.92mdk.i586.rpm
 e6603582c732931d8c8186547eee702d  9.2/SRPMS/apache-1.3.28-3.1.92mdk.src.rpm
 6407cf397b65ebf7b66554d7a1445489  9.2/SRPMS/apache2-2.0.47-6.3.92mdk.src.rpm

 Multi Network Firewall 8.2:
 4ae3471596b2301da8062c38e7406c38  mnf8.2/RPMS/apache-1.3.23-4.3.M82mdk.i586.rpm
 fd001d68be7fc7086ca7493da05db4f0  mnf8.2/RPMS/apache-common-1.3.23-4.3.M82mdk.i586.rpm
 b7776aac2533499a79c820d0097187a0  mnf8.2/RPMS/apache-modules-1.3.23-4.3.M82mdk.i586.rpm
 98df8da770fe4b3ede43e4af4e9de067  mnf8.2/SRPMS/apache-1.3.23-4.3.M82mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 A list of FTP mirrors can be obtained from:

   http://www.mandrakesecure.net/en/ftp.php

 All packages are signed by MandrakeSoft for security.  You can obtain
 the GPG public key of the Mandrake Linux Security Team by executing:

  gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

 Please be aware that sometimes it takes the mirrors a few hours to
 update.

 You can view other update advisories for Mandrake Linux at:

   http://www.mandrakesecure.net/en/advisories/

 MandrakeSoft has several security-related mailing list services that
 anyone can subscribe to.  Information on these lists can be obtained by
 visiting:

   http://www.mandrakesecure.net/en/mlist.php

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com



 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Four fake Google haxbots hit YOUR WEBSITE every day
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
The Barnaby Jack Few Knew: Celebrated Hacker Saw Spotlight as 'Necessary Evil'
What I Learned from Edward Snowden at the Hacker Conference
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.