Mandrake: apache Buffer overflow vulnerability
Posted by LinuxSecurity.com Team   
Mandrake A buffer overflow in mod_alias and mod_rewrite was discovered in Apache versions 1.3.19 and earlier as well as Apache 2.0.47 and earlier.

 _______________________________________________________________________

                Mandrake Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           apache
 Advisory ID:            MDKSA-2003:103
 Date:                   November 3rd, 2003

 Affected versions:	 9.0, 9.1, 9.2, Corporate Server 2.1,
			 Multi Network Firewall 8.2
 ______________________________________________________________________

 Problem Description:

 A buffer overflow in mod_alias and mod_rewrite was discovered in Apache
 versions 1.3.19 and earlier as well as Apache 2.0.47 and earlier.  This
 happens when a regular expression with more than 9 captures is
 confined.  An attacker would have to create a carefully crafted
 configuration file (.htaccess or httpd.conf) in order to exploit these
 problems.
 
 As well, another buffer overflow in Apache 2.0.47 and earlier in
 mod_cgid's mishandling of CGI redirect paths could result in CGI output
 going to the wrong client when a threaded MPM is used.
 
 Apache version 2.0.48 and 1.3.29 were released upstream to correct
 these bugs; backported patches have been applied to the provided
 packages.
 _______________________________________________________________________

 References:

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0789
   http://www.apache.org/dist/httpd/Announcement.html
   http://www.apache.org/dist/httpd/Announcement2.html
 ______________________________________________________________________

 Updated Packages:
  
 Corporate Server 2.1:
 02895e0914bc1a0885000cef805f7759  corporate/2.1/RPMS/apache-1.3.26-6.3.90mdk.i586.rpm
 ee997dd297049bc75878a5de8904c965  corporate/2.1/RPMS/apache-common-1.3.26-6.3.90mdk.i586.rpm
 63806c79f65ee1a1830caa41b0cf3784  corporate/2.1/RPMS/apache-devel-1.3.26-6.3.90mdk.i586.rpm
 68f2aca22d84d56b234aaaa2e348d2aa  corporate/2.1/RPMS/apache-manual-1.3.26-6.3.90mdk.i586.rpm
 ed0d46c1a861a09dbe36b5ccdb02754d  corporate/2.1/RPMS/apache-modules-1.3.26-6.3.90mdk.i586.rpm
 8788c3001078f32e975941aa7a556cd1  corporate/2.1/RPMS/apache-source-1.3.26-6.3.90mdk.i586.rpm
 ed87d94ec5aeb007d98717e7d1a3d314  corporate/2.1/SRPMS/apache-1.3.26-6.3.90mdk.src.rpm

 Corporate Server 2.1/x86_64:
 91700397109a221089871e610ee438f3  x86_64/corporate/2.1/RPMS/apache-1.3.26-6.3.90mdk.x86_64.rpm
 8e63504cfe91f209653401569c059042  x86_64/corporate/2.1/RPMS/apache-common-1.3.26-6.3.90mdk.x86_64.rpm
 c71ee8d0d00d504beaa1bd3259152d28  x86_64/corporate/2.1/RPMS/apache-devel-1.3.26-6.3.90mdk.x86_64.rpm
 931135aefb6bc1214ba40621d9172ac1  x86_64/corporate/2.1/RPMS/apache-manual-1.3.26-6.3.90mdk.x86_64.rpm
 d46a618a36786f7eec1d5f494e794bda  x86_64/corporate/2.1/RPMS/apache-modules-1.3.26-6.3.90mdk.x86_64.rpm
 3b08e1dcfc7ef233dbd3ce9c6fff41d1  x86_64/corporate/2.1/RPMS/apache-source-1.3.26-6.3.90mdk.x86_64.rpm
 ed87d94ec5aeb007d98717e7d1a3d314  x86_64/corporate/2.1/SRPMS/apache-1.3.26-6.3.90mdk.src.rpm

 Mandrake Linux 9.0:
 02895e0914bc1a0885000cef805f7759  9.0/RPMS/apache-1.3.26-6.3.90mdk.i586.rpm
 ee997dd297049bc75878a5de8904c965  9.0/RPMS/apache-common-1.3.26-6.3.90mdk.i586.rpm
 63806c79f65ee1a1830caa41b0cf3784  9.0/RPMS/apache-devel-1.3.26-6.3.90mdk.i586.rpm
 68f2aca22d84d56b234aaaa2e348d2aa  9.0/RPMS/apache-manual-1.3.26-6.3.90mdk.i586.rpm
 ed0d46c1a861a09dbe36b5ccdb02754d  9.0/RPMS/apache-modules-1.3.26-6.3.90mdk.i586.rpm
 8788c3001078f32e975941aa7a556cd1  9.0/RPMS/apache-source-1.3.26-6.3.90mdk.i586.rpm
 ed87d94ec5aeb007d98717e7d1a3d314  9.0/SRPMS/apache-1.3.26-6.3.90mdk.src.rpm

 Mandrake Linux 9.1:
 3a24d35dcd08d4c82ccd6fac204047bc  9.1/RPMS/apache-1.3.27-8.1.91mdk.i586.rpm
 61cde3633d0866c6f03e29565ea56360  9.1/RPMS/apache-devel-1.3.27-8.1.91mdk.i586.rpm
 e58a9378cff2e24bcbfe6c56d08f2505  9.1/RPMS/apache-modules-1.3.27-8.1.91mdk.i586.rpm
 4b47d0bc773d59a17d5a40f627569707  9.1/RPMS/apache-source-1.3.27-8.1.91mdk.i586.rpm
 c780a92fd6dbb3cdd0d52049c534778f  9.1/RPMS/apache2-2.0.47-1.6.91mdk.i586.rpm
 41e7366c6dfa0331ed48027e3a2dd881  9.1/RPMS/apache2-common-2.0.47-1.6.91mdk.i586.rpm
 230d990186ca121121bbc4e1720afb3d  9.1/RPMS/apache2-devel-2.0.47-1.6.91mdk.i586.rpm
 36894b37c5eb5dfa628f6a2fe3de5580  9.1/RPMS/apache2-manual-2.0.47-1.6.91mdk.i586.rpm
 76e8293d061a84d9413453e1d6c282b6  9.1/RPMS/apache2-mod_dav-2.0.47-1.6.91mdk.i586.rpm
 bb106f0ebd893e4547ef3f0a6d1572f9  9.1/RPMS/apache2-mod_ldap-2.0.47-1.6.91mdk.i586.rpm
 17003f2c15c2379275caf21fe097c7a9  9.1/RPMS/apache2-mod_ssl-2.0.47-1.6.91mdk.i586.rpm
 d595f9e2c94b646869087a15e8138a44  9.1/RPMS/apache2-modules-2.0.47-1.6.91mdk.i586.rpm
 b119835d0d18b01613e7977f4daa7a38  9.1/RPMS/apache2-source-2.0.47-1.6.91mdk.i586.rpm
 7c3b7fc1bed6ed59b8a328d8ac3b3056  9.1/RPMS/libapr0-2.0.47-1.6.91mdk.i586.rpm
 a187d7819937e82deea23da621f38ee5  9.1/SRPMS/apache-1.3.27-8.1.91mdk.src.rpm
 31a46639efb035b67ea3b70f91815d9b  9.1/SRPMS/apache2-2.0.47-1.6.91mdk.src.rpm

 Mandrake Linux 9.1/PPC:
 6cf015976106eaaa8bdbfb46501c5339  ppc/9.1/RPMS/apache-1.3.27-8.1.91mdk.ppc.rpm
 41f85b24716c140bdd5f041200d6f68c  ppc/9.1/RPMS/apache-devel-1.3.27-8.1.91mdk.ppc.rpm
 12ea7768f27c739f433f8cd856e8f3ed  ppc/9.1/RPMS/apache-modules-1.3.27-8.1.91mdk.ppc.rpm
 8ddfdeb72fe3058ae83076ad00b184c4  ppc/9.1/RPMS/apache-source-1.3.27-8.1.91mdk.ppc.rpm
 7ecb812bb84877964bd0244527042b7c  ppc/9.1/RPMS/apache2-2.0.47-1.6.91mdk.ppc.rpm
 df9dbdcaf995332bc2950f3b64e0b5cd  ppc/9.1/RPMS/apache2-common-2.0.47-1.6.91mdk.ppc.rpm
 7efb7e7271527bef25ac76c017cf940f  ppc/9.1/RPMS/apache2-devel-2.0.47-1.6.91mdk.ppc.rpm
 46e0066408b8c9c2f537315b9d7de495  ppc/9.1/RPMS/apache2-manual-2.0.47-1.6.91mdk.ppc.rpm
 832793eba23c7f55544ade7478d66971  ppc/9.1/RPMS/apache2-mod_dav-2.0.47-1.6.91mdk.ppc.rpm
 1338474c76c753216f024f6df189a369  ppc/9.1/RPMS/apache2-mod_ldap-2.0.47-1.6.91mdk.ppc.rpm
 2f1fc4f54067d4ed4e13a24de93ac2b2  ppc/9.1/RPMS/apache2-mod_ssl-2.0.47-1.6.91mdk.ppc.rpm
 c9e89384dced046092fb96e3f4c71cd3  ppc/9.1/RPMS/apache2-modules-2.0.47-1.6.91mdk.ppc.rpm
 893a388ffd122c25b021ccaedcaf3bc8  ppc/9.1/RPMS/apache2-source-2.0.47-1.6.91mdk.ppc.rpm
 8797a894c157099d8fa59e0ee6a09725  ppc/9.1/RPMS/libapr0-2.0.47-1.6.91mdk.ppc.rpm
 a187d7819937e82deea23da621f38ee5  ppc/9.1/SRPMS/apache-1.3.27-8.1.91mdk.src.rpm
 31a46639efb035b67ea3b70f91815d9b  ppc/9.1/SRPMS/apache2-2.0.47-1.6.91mdk.src.rpm

 Mandrake Linux 9.2:
 87b439a1ea3c7a53ae6bd65b8de8823d  9.2/RPMS/apache-1.3.28-3.1.92mdk.i586.rpm
 a7dd2cfc0f24e74285756df47b8b2560  9.2/RPMS/apache-devel-1.3.28-3.1.92mdk.i586.rpm
 e9396a1d140c37ed3c54c9fc8946b075  9.2/RPMS/apache-modules-1.3.28-3.1.92mdk.i586.rpm
 59f841c1809a057b7db9809f98902e2a  9.2/RPMS/apache-source-1.3.28-3.1.92mdk.i586.rpm
 67ea76c94fd96d4b58902f347e7424a4  9.2/RPMS/apache2-2.0.47-6.3.92mdk.i586.rpm
 57972c71c8489d0a3c9a68185031b879  9.2/RPMS/apache2-common-2.0.47-6.3.92mdk.i586.rpm
 3f3fb3d57b63cc56df9d6c7318a7cac5  9.2/RPMS/apache2-devel-2.0.47-6.3.92mdk.i586.rpm
 cea519816faccd534f542965fbbf9d15  9.2/RPMS/apache2-manual-2.0.47-6.3.92mdk.i586.rpm
 8d591555255d4348900fcd1bbc74061e  9.2/RPMS/apache2-mod_cache-2.0.47-6.3.92mdk.i586.rpm
 0e1fbe572782f546b44054a0265ea06e  9.2/RPMS/apache2-mod_dav-2.0.47-6.3.92mdk.i586.rpm
 3421ea0f95a7d897d9d339bf6e3aae33  9.2/RPMS/apache2-mod_deflate-2.0.47-6.3.92mdk.i586.rpm
 46bec7aa9274f16aa9768aa6ffec0cb5  9.2/RPMS/apache2-mod_disk_cache-2.0.47-6.3.92mdk.i586.rpm
 d343b2d6a22f52a2ff5dd2844005c0f2  9.2/RPMS/apache2-mod_file_cache-2.0.47-6.3.92mdk.i586.rpm
 8f6b81b7933f766fc979254f4ce3b83c  9.2/RPMS/apache2-mod_ldap-2.0.47-6.3.92mdk.i586.rpm
 fedeaeb50040b8292f5b4da2cb27fc4e  9.2/RPMS/apache2-mod_mem_cache-2.0.47-6.3.92mdk.i586.rpm
 63774164ba26208b71a2a7a5f5136550  9.2/RPMS/apache2-mod_proxy-2.0.47-6.3.92mdk.i586.rpm
 0399f23f2c87e07d18bb98617c79f24c  9.2/RPMS/apache2-mod_ssl-2.0.47-6.3.92mdk.i586.rpm
 36e47d1f2ba0a23d6c1055fe6f606134  9.2/RPMS/apache2-modules-2.0.47-6.3.92mdk.i586.rpm
 1af39eba2fff3635a323dfec02a333fb  9.2/RPMS/apache2-source-2.0.47-6.3.92mdk.i586.rpm
 4b7d2788a521162aa67237db2dbc0c3d  9.2/RPMS/libapr0-2.0.47-6.3.92mdk.i586.rpm
 e6603582c732931d8c8186547eee702d  9.2/SRPMS/apache-1.3.28-3.1.92mdk.src.rpm
 6407cf397b65ebf7b66554d7a1445489  9.2/SRPMS/apache2-2.0.47-6.3.92mdk.src.rpm

 Multi Network Firewall 8.2:
 4ae3471596b2301da8062c38e7406c38  mnf8.2/RPMS/apache-1.3.23-4.3.M82mdk.i586.rpm
 fd001d68be7fc7086ca7493da05db4f0  mnf8.2/RPMS/apache-common-1.3.23-4.3.M82mdk.i586.rpm
 b7776aac2533499a79c820d0097187a0  mnf8.2/RPMS/apache-modules-1.3.23-4.3.M82mdk.i586.rpm
 98df8da770fe4b3ede43e4af4e9de067  mnf8.2/SRPMS/apache-1.3.23-4.3.M82mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 A list of FTP mirrors can be obtained from:

   http://www.mandrakesecure.net/en/ftp.php

 All packages are signed by MandrakeSoft for security.  You can obtain
 the GPG public key of the Mandrake Linux Security Team by executing:

  gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

 Please be aware that sometimes it takes the mirrors a few hours to
 update.

 You can view other update advisories for Mandrake Linux at:

   http://www.mandrakesecure.net/en/advisories/

 MandrakeSoft has several security-related mailing list services that
 anyone can subscribe to.  Information on these lists can be obtained by
 visiting:

   http://www.mandrakesecure.net/en/mlist.php

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com