
UNIRAS Brief - 330/04 - Debian Security Advisory DSA 525-1



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 330/04 dated 28.06.04  Time: 15:35  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

New apache packages fix buffer overflow in mod_proxy

Detail
====== 

Georgi Guninski discovered a buffer overflow bug in Apache's mod_proxy module,
whereby a remote user could potentially cause arbitrary code to be executed 
with the privileges of an Apache httpd child process (by default, user www-data).
Note that this bug is only exploitable if the mod_proxy module is in use.



            ESB-2004.0431 -- Debian Security Advisory DSA 525-1
           New apache packages fix buffer overflow in mod_proxy
                               28 June 2004


Product:                apache (mod_proxy module)
Publisher:              Debian
Operating System:       Debian GNU/Linux 3.0
                        Linux variants
Impact:                 Execute Arbitrary Code/Commands
Access Required:        Remote
CVE Names:              CAN-2004-0492

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - --------------------------------------------------------------------------
Debian Security Advisory DSA 525-1                     security@xxxxxxxxxx
http://www.debian.org/security/                             Matt Zimmerman
June 24th, 2004                         http://www.debian.org/security/faq
- - - --------------------------------------------------------------------------

Package        : apache
Vulnerability  : buffer overflow
Problem-Type   : remote
Debian-specific: no
CVE Ids        : CAN-2004-0492

Georgi Guninski discovered a buffer overflow bug in Apache's mod_proxy module, 
whereby a remote user could potentially cause arbitrary code to be executed with 
the privileges of an Apache httpd child process (by default, user www-data).  
Note that this bug is only exploitable if the mod_proxy module is in use.

Note that this bug exists in a module in the apache-common package, shared by apache, 
apache-ssl and apache-perl, so this update is sufficient to correct the bug for all 
three builds of Apache httpd. However, on systems using apache-ssl or apache-perl, 
httpd will not automatically be restarted.

For the current stable distribution (woody), this problem has been fixed in version 1.3.26-0woody5.

For the unstable distribution (sid), this problem has been fixed in version 1.3.31-2.

We recommend that you update your apache package.

Upgrade Instructions
- - - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- - - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody5.dsc
      Size/MD5 checksum:      668 728e205962ce1f02155cdeeae3b33596
    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody5.diff.gz
      Size/MD5 checksum:   299155 1f6504cbb56e55b0b67b5f911dc7601a
    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26.orig.tar.gz
      Size/MD5 checksum:  2586182 5cd778bbe6906b5ef39dbb7ef801de61

  Architecture independent components:

    http://security.debian.org/pool/updates/main/a/apache/apache-doc_1.3.26-0woody5_all.deb
      Size/MD5 checksum:  1129912 25ce8bbf0d753fa2b7a6e26c32f34789

  Alpha architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody5_alpha.deb
      Size/MD5 checksum:   395496 3681480dcd48c186aa3759e7a3aeabe0
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody5_alpha.deb
      Size/MD5 checksum:   925884 5deb71887a2bda9b51a84d52809ee96d
    http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody5_alpha.deb
      Size/MD5 checksum:   713886 ef9f3a034e9e995397c966c4ccb1ba14

  ARM architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody5_arm.deb
      Size/MD5 checksum:   361138 20108dbf929f356aeb02d9adf40317c7
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody5_arm.deb
      Size/MD5 checksum:   838572 bace0690140cc427ae34bc82a169ebd1
    http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody5_arm.deb
      Size/MD5 checksum:   544356 7ebfaea0a36f5661c82f8facbeb97199

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody5_i386.deb
      Size/MD5 checksum:   353488 0cb1fefd1daf2f3d3d74bc837e5dcee6
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody5_i386.deb
      Size/MD5 checksum:   822024 8f94a40d22fe86da3a513945745b46bd
    http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody5_i386.deb
      Size/MD5 checksum:   536422 18bec488eb2cb1f08234d063f3f018fc

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody5_ia64.deb
      Size/MD5 checksum:   436866 d73b9c14b39b1ce3cecdf25c4bb7b4d3
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody5_ia64.deb
      Size/MD5 checksum:  1012118 70574b1082626c0a63e4214ed2565965
    http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody5_ia64.deb
      Size/MD5 checksum:   949112 f455cbafb0be5fdbb61841e5f538f649

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody5_hppa.deb
      Size/MD5 checksum:   386164 2b45089dda26eba6c04313b636ac6d90
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody5_hppa.deb
      Size/MD5 checksum:   891114 b777e3971bfcf3fabcd8f00a6356f193
    http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody5_hppa.deb
      Size/MD5 checksum:   587064 b06b99057dce7e6501e716d65f8e75f9

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody5_m68k.deb
      Size/MD5 checksum:   347890 5d0c289522098f0f209df8444bb59b9e
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody5_m68k.deb
      Size/MD5 checksum:   820892 ec0656021adabae1022b461b882775b0
    http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody5_m68k.deb
      Size/MD5 checksum:   537236 280185606f9d5160454bc355818007fa

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody5_mips.deb
      Size/MD5 checksum:   376464 a94cf93b405cf05372fc5d4f8bf7672f
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody5_mips.deb
      Size/MD5 checksum:   843944 cb9e216b23a38b6d39296ce8b7ccf996
    http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody5_mips.deb
      Size/MD5 checksum:   576406 7cfff44064ce0f2a02c9cbb97b068d83

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody5_mipsel.deb
      Size/MD5 checksum:   376518 770cd115049bb2158e201549cc35520a
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody5_mipsel.deb
      Size/MD5 checksum:   842596 3b85507e74eb531d61429befd63ece53
    http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody5_mipsel.deb
      Size/MD5 checksum:   565592 2399177b56c48b52abe29ff6a48d5299

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody5_powerpc.deb
      Size/MD5 checksum:   366994 679d12a1cef75a8aa5b3408ab5c0bd79
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody5_powerpc.deb
      Size/MD5 checksum:   846036 7188ed09e4fc2a18fbb426516f57fe8b
    http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody5_powerpc.deb
      Size/MD5 checksum:   558974 e42357dd7be10c9bbc2b36a865792f5b

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody5_s390.deb
      Size/MD5 checksum:   363750 c5e1a6db42fce09c1e4076640894cb4f
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody5_s390.deb
      Size/MD5 checksum:   832464 3df3958b908e8f3acbe05f3e6acc032f
    http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody5_s390.deb
      Size/MD5 checksum:   559418 ef6af5cb54b3f4da25be386bf2c89ec7

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody5_sparc.deb
      Size/MD5 checksum:   360892 ed75775f79c9ed173c9e0baf2450be01
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody5_sparc.deb
      Size/MD5 checksum:   847292 b54050e25ac6166e390dd72018538bcf
    http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody5_sparc.deb
      Size/MD5 checksum:   544812 d3b7f0401f78d5f4d87e724d0f17f30f

  These files will probably be moved into the stable distribution on
  its next revision.

- - - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- - -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA3JMiArxCt0PiXR4RAmLdAJ49eumuVLVG5nUWBAeJxDGTGaxWewCgrP00
emklR9M6PUQ+AmL2wf1Q96w=
=Bf1i
- - -----END PGP SIGNATURE-----

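The upgrade instructions above give the bare "wget url; dpkg -i file.deb" procedure and list a Size/MD5 checksum for every package. The following is an added example (not part of the UNIRAS briefing or of the Debian advisory it quotes) showing two checks an administrator would want around that procedure: a checksum gate that compares the downloaded .deb against the advisory's Size/MD5 line before dpkg is invoked, and a test of whether a given httpd.conf actually loads mod_proxy, since the advisory states the bug is only exploitable when the module is in use. It assumes POSIX sh with md5sum, wget and dpkg available; the LoadModule path in the constructed sample configuration is an assumption used only for illustration.

```shell
#!/bin/sh
# Added example; not part of the UNIRAS briefing or the Debian advisory it quotes.
# verify_deb gates "dpkg -i" on the advisory's Size/MD5 line; mod_proxy_loaded
# reports whether a httpd.conf has an active LoadModule line for mod_proxy.
# The LoadModule path used in the sample configs below is an assumption.

# verify_deb FILE EXPECTED_SIZE EXPECTED_MD5 -> 0 when both match, 1 otherwise
verify_deb() {
    file=$1; want_size=$2; want_md5=$3
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    got_size=$(wc -c < "$file" | tr -d ' ')
    got_md5=$(md5sum "$file" | cut -d' ' -f1)
    [ "$got_size" = "$want_size" ] || { echo "size mismatch: $file ($got_size != $want_size)" >&2; return 1; }
    [ "$got_md5" = "$want_md5" ] || { echo "md5 mismatch: $file ($got_md5 != $want_md5)" >&2; return 1; }
    return 0
}

# fetch_and_install URL EXPECTED_SIZE EXPECTED_MD5
# The advisory's "wget url" then "dpkg -i file.deb", with the checksum gate in
# between so a truncated or swapped download is never installed (dpkg needs root).
fetch_and_install() {
    url=$1; deb=$(basename "$url")
    wget -q "$url" || return 1
    verify_deb "$deb" "$2" "$3" || { rm -f "$deb"; return 1; }
    dpkg -i "$deb"
}

# mod_proxy_loaded CONF -> 0 if CONF has an uncommented "LoadModule proxy_module ..." line
mod_proxy_loaded() {
    grep -Eq '^[[:space:]]*LoadModule[[:space:]]+proxy_module[[:space:]]' "$1"
}

# self_check: exercises both functions on constructed files in a temp dir.
# Returns 0 when an intact file passes, a tampered copy is rejected, and the
# mod_proxy test tells an active LoadModule line from a commented-out one.
self_check() {
    dir=$(mktemp -d) || return 1
    printf 'constructed stand-in for apache-common_1.3.26-0woody5_i386.deb\n' > "$dir/good.deb"
    size=$(wc -c < "$dir/good.deb" | tr -d ' ')
    md5=$(md5sum "$dir/good.deb" | cut -d' ' -f1)
    cp "$dir/good.deb" "$dir/bad.deb"
    printf 'X' >> "$dir/bad.deb"   # one extra byte: size and digest both change
    printf 'LoadModule proxy_module /usr/lib/apache/1.3/libproxy.so\n' > "$dir/on.conf"
    printf '#LoadModule proxy_module /usr/lib/apache/1.3/libproxy.so\n' > "$dir/off.conf"

    rc=0
    verify_deb "$dir/good.deb" "$size" "$md5" 2>/dev/null || rc=1
    verify_deb "$dir/bad.deb" "$size" "$md5" 2>/dev/null && rc=1
    mod_proxy_loaded "$dir/on.conf" || rc=1
    mod_proxy_loaded "$dir/off.conf" && rc=1
    rm -rf "$dir"
    return $rc
}

self_check && echo "self-check passed: checksum gate and mod_proxy detection behave as expected"
```

A real run would call, for example, `fetch_and_install URL SIZE MD5` with the three values copied from the matching architecture block of the advisory; the MD5 in the advisory only protects against transfer errors and substitution, and on systems running apache-ssl or apache-perl httpd still has to be restarted by hand after the install, as the advisory notes.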
- --------------------

For additional information or assistance, please contact the HELP Desk by 
telephone; Not Protectively Marked information may also be sent by 
email to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 20 7821 1330 Ext 4511
Fax: +44 (0) 20 7821 1686

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 20 7821 1330 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Debian for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQOAtOIpao72zK539AQHIuQP/ZRP4RQfjPuAQYp39cYC1MU5A1Xrdgyg5
pS37HiKm5wLT8sQMFXlcQNzzlgnzjRD8xvdBRA0Kl4GFdDXZMGMH/eC+1HZIlgkO
eD138xPVVpx6Zr2w9HTLcw2PrYiNcBZW1ENXGF8mDFcE0btNw2ae6YFsxMfxN7Nm
3wKod9JGmLE=
=74Kc
-----END PGP SIGNATURE-----