[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UNIRAS Brief - 280/04 - Two Gentoo Security Advisories



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 280/04 dated 10.06.04  Time: 14:55  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Two Gentoo Security Advisories:

1. GLSA 200406-05: Apache: Buffer overflow in mod_ssl.

2. GLSA 200406-04: Mailman: Member password disclosure vulnerability.


Detail
====== 

1. A bug in mod_ssl may allow a remote attacker to execute remote code when
Apache is configured a certain way.

2. Mailman contains a bug allowing 3rd parties to retrieve member passwords.



1.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200406-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Apache: Buffer overflow in mod_ssl
      Date: June 09, 2004
      Bugs: #51368
        ID: 200406-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A bug in mod_ssl may allow a remote attacker to execute remote code when Apache is configured a certain way.

Background
==========

Apache is the most popular Web server on the Internet. mod_ssl provides Secure Sockets Layer encryption and authentication to Apache 1.3. Apache 2 contains the functionality of mod_ssl.

Affected packages
=================

    -------------------------------------------------------------------
     Package          /    Vulnerable    /                  Unaffected
    -------------------------------------------------------------------
  1  net-www/mod_ssl        < 2.8.18                         >= 2.8.18
  2  net-www/apache       <= 2.0.49-r2                           < 2.0
                                                          >= 2.0.49-r3
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

A bug in the function ssl_util_uuencode_binary in ssl_util.c may lead to a remote buffer overflow on a server configured to use FakeBasicAuth that will trust a client certificate with an issuing CA with a subject DN longer than 6k.

Impact
======

Given the right server configuration, an attacker could cause a Denial of Service or execute code as the user running Apache, usually "apache". It is thought to be impossible to exploit this to execute code on the x86 platform, but the possibility for other platforms is unknown. This does not preclude a DoS on x86 systems.

Workaround
==========

A server should not be vulnerable if it is not configured to use FakeBasicAuth and to trust a client CA with a long subject DN.

Resolution
==========

Apache 1.x users should upgrade to the latest version of mod_ssl:

    # emerge sync

    # emerge -pv ">=net-www/modssl-2.8.18
    # emerge ">=net-www/modssl-2.8.18

Apache 2.x users should upgrade to the latest version of Apache:

    # emerge sync

    # emerge -pv ">=net-www/apache-2.0.49-r3"
    # emerge ">=net-www/apache-2.0.49-r3"

References
==========

  [ 1 ] CAN-2004-0488
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

     http://security.gentoo.org/glsa/glsa-200406-05.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@xxxxxxxxxx or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2004 Gentoo Technologies, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/1.0

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAx2IKvcL1obalX08RAptlAJ9LVvRZ+JzIaFwgq0B3OZ0Q2o2AGgCfTDr7
r2p6/K12qtQnHqtIdAhkFL4=
=tQf1
- -----END PGP SIGNATURE-----




2. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200406-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Mailman: Member password disclosure vulnerability
      Date: June 09, 2004
      Bugs: #51671
        ID: 200406-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Mailman contains a bug allowing 3rd parties to retrieve member passwords.

Background
==========

Mailman is a python-based mailing list server with an extensive web interface.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /   Vulnerable   /                   Unaffected
    -------------------------------------------------------------------
  1  net-mail/mailman        < 2.1.5                          >= 2.1.5

Description
===========

Mailman contains an unspecified vulnerability in the handling of request emails.

Impact
======

By sending a carefully crafted email request to the mailman server an attacker could obtain member passwords.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All users of Mailman should upgrade to the latest stable version:

    # emerge sync

    # emerge -pv ">=net-mail/mailman-2.1.5"
    # emerge ">=net-mail/mailman-2.1.5"

References
==========

  [ 1 ] Mailman 2.1.5 Release Announcement
        http://mail.python.org/pipermail/mailman-announce/2004-May/000072.html
  [ 2 ] CAN-2004-0412
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0412

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

     http://security.gentoo.org/glsa/glsa-200406-04.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@xxxxxxxxxx or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2004 Gentoo Technologies, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/1.0
- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 20 7821 1330 Ext 4511
Fax: +44 (0) 20 7821 1686

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 20 7821 1330 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Gentoo for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQMhn6Ypao72zK539AQGkaQP+KV9tPMCO+uOrFW6LGO5XY65Nvm1h3yts
Buja9VvEXw7lgdUxWJmcILd/46w/rPq7HZt7mvzeteDVAMTmWXft5w09Ug+QBlVt
Pn2jMUe5TEZIM9aQ88qvEG66nY7y32fba3jZuqBH2fk/NHYQyDH6kFxCPUoC3bKh
gHy/uc6hpaY=
=9Xky
-----END PGP SIGNATURE-----