Ubuntu: Apache vulnerabilities
Posted by Benjamin D. Thomas

Stefan Esser discovered that mod_status did not force a character set, which could leave browsers vulnerable to XSS attacks when rendering its output. If a user were tricked into viewing server status output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. By default, mod_status is disabled in Ubuntu.
Ubuntu Security Notice USN-499-1            August 16, 2007
apache2 vulnerabilities
CVE-2006-5752, CVE-2007-1863, CVE-2007-3304

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  apache2-common                           2.0.55-4ubuntu2.2
  apache2-mpm-prefork                      2.0.55-4ubuntu2.2
  apache2-mpm-worker                       2.0.55-4ubuntu2.2

Ubuntu 6.10:
  apache2-common                           2.0.55-4ubuntu4.1
  apache2-mpm-prefork                      2.0.55-4ubuntu4.1
  apache2-mpm-worker                       2.0.55-4ubuntu4.1

Ubuntu 7.04:
  apache2-mpm-prefork                      2.2.3-3.2ubuntu0.1
  apache2-mpm-worker                       2.2.3-3.2ubuntu0.1
  apache2.2-common                         2.2.3-3.2ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Stefan Esser discovered that mod_status did not force a character set
on its server-status page.  A browser that guesses the encoding of the
page can therefore be made to interpret attacker-controlled request
data echoed in the status listing as script (cross-site scripting).  If
a user were tricked into viewing server status output while a crafted
request was being served, a remote attacker could exploit this to
modify the page contents, or steal confidential data (such as
passwords), within the same domain.  Only servers that expose the
server-status handler are affected; by default, mod_status is disabled
in Ubuntu. (CVE-2006-5752)
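The conditions that make this issue reachable (a server-status page that anyone can request, extended status echoing request data, and no charset pinned on the response) can be checked from the configuration and from the response headers. The following is an added example, not from the advisory or from the Apache project: it scans an Apache 2.0/2.2-style configuration text for a LoadModule of mod_status, a `<Location>` that sets the server-status handler without an access restriction, and `ExtendedStatus On`, and it tests whether a Content-Type value carries an explicit charset, which is what the fix adds. The two configuration snippets are constructed; the restriction check is a heuristic that recognises only `Deny from all` (2.0/2.2) and `Require ip|host|local` (2.4) forms and does not follow Include files.

```python
import re

# Constructed examples (not real configs): a weak status.conf and a hardened one.
WEAK_CONF = """\
LoadModule status_module /usr/lib/apache2/modules/mod_status.so
ExtendedStatus On
<Location /server-status>
    SetHandler server-status
</Location>
"""

HARDENED_CONF = """\
LoadModule status_module /usr/lib/apache2/modules/mod_status.so
ExtendedStatus Off
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Location>
"""

_LOCATION_RE = re.compile(r"<Location\s+([^>]+)>(.*?)</Location>", re.S | re.I)
# Access restrictions this heuristic recognises: 2.0/2.2 "Deny from all", 2.4 "Require ip|host|local".
_RESTRICT_RE = re.compile(r"^\s*(Deny\s+from\s+all|Require\s+(ip|host|local)\b)", re.M | re.I)


def audit_status_exposure(conf):
    """Report whether `conf` exposes mod_status the way CVE-2006-5752 needs.

    Text scan only: Include files, .htaccess and <IfModule> nesting are not followed.
    """
    findings = {
        "mod_status_loaded": bool(re.search(r"^\s*LoadModule\s+status_module\b", conf, re.M | re.I)),
        "extended_status": bool(re.search(r"^\s*ExtendedStatus\s+On\b", conf, re.M | re.I)),
        "status_locations": [],
    }
    for match in _LOCATION_RE.finditer(conf):
        path, body = match.group(1).strip(), match.group(2)
        if not re.search(r"^\s*SetHandler\s+server-status\b", body, re.M | re.I):
            continue
        findings["status_locations"].append(
            {"path": path, "restricted": bool(_RESTRICT_RE.search(body))}
        )
    # Reachable by an attacker only if the module is loaded and some status page is unrestricted.
    findings["exposed"] = findings["mod_status_loaded"] and any(
        not loc["restricted"] for loc in findings["status_locations"]
    )
    return findings


def content_type_sets_charset(content_type):
    """True if a Content-Type value pins a charset, e.g. 'text/html; charset=ISO-8859-1'.

    Without an explicit charset the browser may sniff the encoding of the status
    page, which is the condition the advisory describes.
    """
    params = (p.strip().lower() for p in content_type.split(";")[1:])
    return any(p.startswith("charset=") and len(p) > len("charset=") for p in params)


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_status_exposure(conf))
    print(content_type_sets_charset("text/html"),
          content_type_sets_charset("text/html; charset=ISO-8859-1"))
```

Run `audit_status_exposure` over the concatenated output of your enabled configuration (on Ubuntu, the files under /etc/apache2/) and `content_type_sets_charset` over the Content-Type header of a real `/server-status` response; a page that is both unrestricted and served without a charset is the exact shape this advisory describes.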

Niklas Edmundsson discovered that the mod_cache module could be made to
crash using a specially crafted request.  A remote user could use this
to cause a denial of service if Apache was configured to use a threaded
MPM (apache2-mpm-worker).  By default, mod_cache is disabled in Ubuntu.
(CVE-2007-1863)

A flaw was discovered in the signal handling of Apache.  A local
attacker with the privileges of an Apache child process could trick the
parent process into sending SIGUSR1 to other processes, killing or
disrupting them.  The vulnerable code was only present in Ubuntu Feisty
(7.04). (CVE-2007-3304)

Updated packages for Ubuntu 6.06 LTS:

  Source archives:
      Size/MD5:   115882 e94e45574e3b131d3a9a0e07e193f1e5
      Size/MD5:     1148 c2bc143625fbf8ca59fea300845c5a42
      Size/MD5:  6092031 45e32c9432a8e3cf4227f5af91b03622

  Architecture independent packages:
      Size/MD5:  2124364 9b8ca5d5757c63f5ee6bbd507f0a8357

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
      Size/MD5:   833000 be4c7770c725f5f4401ca06d1347211f
      Size/MD5:   227832 41c12dfe84f109e6544a33e4e1d791a8
      Size/MD5:   222934 7e4d072bad27239e366a6eda94c09190
      Size/MD5:   227576 8fc59f78a3fa0e5d6dac81e875039bda
      Size/MD5:   171082 4318f93373b705563251f377ed398614
      Size/MD5:   171860 257f4183d70be5a00546c39c5a18f108
      Size/MD5:    93916 695cee55f91ceb9424abe31d8b6ee1dd
      Size/MD5:    35902 00c1082a77ff1d863f72874c4472a26d
      Size/MD5:   285336 0a8510634b21f56f0d9619aa6fc9cec9
      Size/MD5:   143952 d75f83ac219bce95a15a8f44b82b8ea7

  i386 architecture (x86 compatible Intel/AMD)
      Size/MD5:   786186 4e78fa0d438867194f66b11b4eb6fc2e
      Size/MD5:   202448 74cf60884e18c1fc93f157010a15b12c
      Size/MD5:   198456 209a0b92995fec453ed4c2c181e3e555
      Size/MD5:   202038 6cbd437caf993fa2b2b38369cd3d5863
      Size/MD5:   171074 0a5a26aa58af7aa2d51d1cf5d7c543d6
      Size/MD5:   171848 af9ca78febc5bc0c7936296dab958349
      Size/MD5:    91884 2857d60b507b28c736f83815c9f3d1b8
      Size/MD5:    35906 202b5b233af0d26e29ca7302cf7fd04c
      Size/MD5:   261418 c90342706ac26682d15032a5ba5cb51a
      Size/MD5:   131850 951a4573901bc2f10d5febf940d57516

  powerpc architecture (Apple Macintosh G3/G4/G5)
      Size/MD5:   859126 afdd8642ca447fc9dc70dfed92be0fa6
      Size/MD5:   219898 6d9c9f924d2356bf9d3438a280870a7d
      Size/MD5:   215602 dd554132cdea0f860e01cf5d4e0dbc7c
      Size/MD5:   219378 7a1f4b325dacef287c901fa66680c04e
      Size/MD5:   171096 a0e2547d38ef1b84dc419d69e42ffa0b
      Size/MD5:   171864 200ab662b2c13786658486df37fda881
      Size/MD5:   103628 ae36642fbd4698bb362fa4bf9417b0e3
      Size/MD5:    35910 358027282f2f19451d3aa784dc0474dc
      Size/MD5:   280950 0d9b56ec076da25e2a03f6d3c6445057
      Size/MD5:   141074 f5d3d5e0e5911e0c0156ae55af50f87b

  sparc architecture (Sun SPARC/UltraSPARC)
      Size/MD5:   803440 d66da6a91c08956c3c5062668349ef41
      Size/MD5:   209970 57f0a8f823a4502ee9a2608e3181cc81
      Size/MD5:   205582 1dcfb0df796e85c409f614544ea589fe
      Size/MD5:   209330 6bf7ae824eea35d3487febef384fce91
      Size/MD5:   171080 1088337f4abcb6c8f65751b6120c2307
      Size/MD5:   171868 5cda04cd73a9c6d8dfc18abd55c09ebd
      Size/MD5:    92972 850ab3bb0904e8fe9b6255c42ba7f84c
      Size/MD5:    35904 7af260b95c4faa17ef34810fed888caf
      Size/MD5:   267550 08182a8a2cab00fc0e6bca2cccf5165f
      Size/MD5:   129760 a60606c6d2f12209b0bdae997be4a13f

Updated packages for Ubuntu 6.10:

  Source archives:
      Size/MD5:   116265 2732761b18dfb3c2cd1aa0b54c2cf623
      Size/MD5:     1148 4b9c4612469c521db0c5fdbe2f6b9b25
      Size/MD5:  6092031 45e32c9432a8e3cf4227f5af91b03622

  Architecture independent packages:
      Size/MD5:  2124550 8d5c30342b35f9fd595fb09d7659b6fc

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
      Size/MD5:   836342 2c4ba483b0b20fdc2d43819109177941
      Size/MD5:   227390 e61cc1998f5b8f2c44dce587e59d288a
      Size/MD5:   222376 6bdbff7f7f80fd464d1e3ec52d6e7171
      Size/MD5:   226848 4356b4caf2b40f364c8893c41b9f9355
      Size/MD5:   171304 c4395af051e876228541ef5b8037d979
      Size/MD5:   172074 99dadc4ad0f0947f9368d89f4589d95a
      Size/MD5:    94204 30f3bb8c72575fe93940ecc730b8e4b6
      Size/MD5:    36152 ea3cbefcbee7e2f6e5555edb44733ad9
      Size/MD5:   286544 d555931490d44d93bec31c4bfc19ed12
      Size/MD5:   145014 3e06ceb0a55598d82f9f781c44e210b3

  i386 architecture (x86 compatible Intel/AMD)
      Size/MD5:   806938 050bb7665332d3761e1a8e47939fa507
      Size/MD5:   209556 ee530b24aba8838001ebb6c901bc90cd
      Size/MD5:   205718 b52a17c63909eae3c49bad0ab1958f4b
      Size/MD5:   209158 1844fa5e09224a90944f8b886ddb5a2a
      Size/MD5:   171296 9de8aba41f7e3d60f41536ca712adebb
      Size/MD5:   172078 01ccd554177364747b08e2933f121d2c
      Size/MD5:    93240 4573597317416869646eb2ea42cd0945
      Size/MD5:    36150 77666d65bade6a91bd58826c79f11dc9
      Size/MD5:   266390 a3963d8e76f6865404f7fadb47880c87
      Size/MD5:   137604 387f6bcdaa58dbbe53082241b3231844

  powerpc architecture (Apple Macintosh G3/G4/G5)
      Size/MD5:   865372 27d7f1de1fcb2114d3f3b0a774302488
      Size/MD5:   221542 1ae8fa5cf4b77f3b2aa054e2886e587e
      Size/MD5:   217044 9134983c40107f79fcac8d1eacbc7117
      Size/MD5:   221324 b435dc09c63ecbcd564a0923a8f07350
      Size/MD5:   171296 6d2a0abfb7a1daaeae56559eeb322dcb
      Size/MD5:   172064 ecc2037409554ea43c5a6848aa510c76
      Size/MD5:   104654 d0957d8df044c4a34437241792ed97d1
      Size/MD5:    36148 34e102e1d2e1c6a6f31801dfb98cb82a
      Size/MD5:   284548 c8f325ccc42cbe77191d4ddd9abc2a4e
      Size/MD5:   144238 82cfbfcec5fc4931078145af8947c035

  sparc architecture (Sun SPARC/UltraSPARC)
      Size/MD5:   811594 d8548e537fd81994bbb638e105dfbf8b
      Size/MD5:   212160 81cd0197ff89b79c967c1074ede9f8d7
      Size/MD5:   207870 5d80ed8dc39b0d4d59fccb747624a684
      Size/MD5:   211578 9407383d85db831dab728b39cce9acc8
      Size/MD5:   171294 5e4d695a99bdc1fdfb0bfcef8b91d03d
      Size/MD5:   172064 06e3e765d799e281dba7329ff9d9e138
      Size/MD5:    93796 1048b47b289fb2047fa9ac7ebbe94a57
      Size/MD5:    36150 0d106a177aa4271b1cfc0e96eec1a748
      Size/MD5:   268444 3912123e7c71cc638132305ca89fe23b
      Size/MD5:   130626 f4444e0239c2da7d3c31e3486606f95a

Updated packages for Ubuntu 7.04:

  Source archives:
      Size/MD5:   112120 f7b1a17718aed7ca73da3a6d7aad06b0
      Size/MD5:     1128 e82b1bee591fff50d6673ed1a443e543
      Size/MD5:  6342475 f72ffb176e2dc7b322be16508c09f63c

  Architecture independent packages:
      Size/MD5:  2199184 c03756f87cb164213428532f70e0c198
      Size/MD5:   272064 5be351f491f8d1aae9a270d1214e93e3
      Size/MD5:  6674104 bdbabf8f478562f0e003737e977ffc7b
      Size/MD5:    38668 9f0c7c01e8441285c084002eb4619065

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
      Size/MD5:   449624 1b54a8000c40eaaa0f9e31527b9bb180
      Size/MD5:   445346 d15625641a3247fbf5d9d9b9aed34968
      Size/MD5:   449208 55f39c28a4de98d53f80231aeb7d6c59
      Size/MD5:   403570 0042c75be8a2d128d62b79398deaefa8
      Size/MD5:   404138 929772b95ea67f338ad423a65b2b7011
      Size/MD5:   341312 906819b0de863209575aa65d39a594a5
      Size/MD5:   971462 f85e32c5f6437ce149553aee97ffd934

  i386 architecture (x86 compatible Intel/AMD)
      Size/MD5:   432922 c1b81ac7dc7b7a0b2261fd10d9bcf5c6
      Size/MD5:   428856 f506f2a9dd2dbd5c2d3f72a476cc3537
      Size/MD5:   432314 a5a11947ad8cf14604efa7ddcfd20bfe
      Size/MD5:   403574 da84a3a99276f14a11ac892ce7eee170
      Size/MD5:   404138 0fdd43a53e6957aa3a348a7bd9c876f5
      Size/MD5:   340396 88a0ddbc58335416d91c9f10adc9d5f5
      Size/MD5:   929716 138d58487b882e6002e3c5e4a9489add

  powerpc architecture (Apple Macintosh G3/G4/G5)
      Size/MD5:   451530 ddc437092ef642fcd396713cd1972f4c
      Size/MD5:   446960 af1b667708e062f81bca4e995355394d
      Size/MD5:   450940 ed9f31ec5045a88446115987c6e97655
      Size/MD5:   403574 65801ab51335a15dc370b9341a0e50dd
      Size/MD5:   404146 fd35e65fadd836feb0190b209947b466
      Size/MD5:   360518 b74bc9eead429cd8f0ebecd6a94e5edb
      Size/MD5:  1073812 376fe5b1ee383a6d870eea5dd3c6a704

  sparc architecture (Sun SPARC/UltraSPARC)
      Size/MD5:   434408 c70ef2e9aed191fe53886ceb3725596e
      Size/MD5:   430574 7b690896da23a151ee5e106d596c1143
      Size/MD5:   433918 cc01edfcfc673ba9a86c83fcc66e6870
      Size/MD5:   403568 a7660cff70394403c764cf8f30c7298a
      Size/MD5:   404136 b8587d5eba0be59a6576d6cf645b2122
      Size/MD5:   343370 1572a001a612add57d23350210ac1736
      Size/MD5:   938586 b74a91fcfbb0503355e94981310bd1ce

(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.