Debian: apache Buffer overflow vulnerability

    Date25 Jun 2004
    CategoryDebian
    2578
    Posted ByLinuxSecurity Advisories
    A remote user could potentially cause arbitrary code to be executed with the privileges of an Apache httpd child process (by default, user www-data).
    
    Debian Security Advisory DSA 525-1                     This email address is being protected from spambots. You need JavaScript enabled to view it. 
    http://www.debian.org/security/                             Matt Zimmerman
    June 24th, 2004                          http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : apache
    Vulnerability  : buffer overflow
    Problem-Type   : remote
    Debian-specific: no
    CVE Ids        : CAN-2004-0492
    
    Georgi Guninski discovered a buffer overflow bug in Apache's mod_proxy
    module, whereby a remote user could potentially cause arbitrary code
    to be executed with the privileges of an Apache httpd child process
    (by default, user www-data).  Note that this bug is only exploitable
    if the mod_proxy module is in use.
    
    Note that this bug exists in a module in the apache-common package,
    shared by apache, apache-ssl and apache-perl, so this update is
    sufficient to correct the bug for all three builds of Apache httpd.
    However, on systems using apache-ssl or apache-perl, httpd will not
    automatically be restarted.
    
    For the current stable distribution (woody), this problem has been
    fixed in version 1.3.26-0woody5.
    
    For the unstable distribution (sid), this problem has been fixed in
    version 1.3.31-2.
    
    We recommend that you update your apache package.
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
    
      Source archives:
    
         http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody5.dsc
          Size/MD5 checksum:      668 728e205962ce1f02155cdeeae3b33596
         http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody5.diff.gz
          Size/MD5 checksum:   299155 1f6504cbb56e55b0b67b5f911dc7601a
         http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26.orig.tar.gz
          Size/MD5 checksum:  2586182 5cd778bbe6906b5ef39dbb7ef801de61
    
      Architecture independent components:
    
         http://security.debian.org/pool/updates/main/a/apache/apache-doc_1.3.26-0woody5_all.deb
          Size/MD5 checksum:  1129912 25ce8bbf0d753fa2b7a6e26c32f34789
    
      Alpha architecture:
    
         http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody5_alpha.deb
          Size/MD5 checksum:   395496 3681480dcd48c186aa3759e7a3aeabe0
         http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody5_alpha.deb
          Size/MD5 checksum:   925884 5deb71887a2bda9b51a84d52809ee96d
         http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody5_alpha.deb
          Size/MD5 checksum:   713886 ef9f3a034e9e995397c966c4ccb1ba14
    
      ARM architecture:
    
         http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody5_arm.deb
          Size/MD5 checksum:   361138 20108dbf929f356aeb02d9adf40317c7
         http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody5_arm.deb
          Size/MD5 checksum:   838572 bace0690140cc427ae34bc82a169ebd1
         http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody5_arm.deb
          Size/MD5 checksum:   544356 7ebfaea0a36f5661c82f8facbeb97199
    
      Intel IA-32 architecture:
    
         http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody5_i386.deb
          Size/MD5 checksum:   353488 0cb1fefd1daf2f3d3d74bc837e5dcee6
         http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody5_i386.deb
          Size/MD5 checksum:   822024 8f94a40d22fe86da3a513945745b46bd
         http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody5_i386.deb
          Size/MD5 checksum:   536422 18bec488eb2cb1f08234d063f3f018fc
    
      Intel IA-64 architecture:
    
         http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody5_ia64.deb
          Size/MD5 checksum:   436866 d73b9c14b39b1ce3cecdf25c4bb7b4d3
         http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody5_ia64.deb
          Size/MD5 checksum:  1012118 70574b1082626c0a63e4214ed2565965
         http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody5_ia64.deb
          Size/MD5 checksum:   949112 f455cbafb0be5fdbb61841e5f538f649
    
      HP Precision architecture:
    
         http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody5_hppa.deb
          Size/MD5 checksum:   386164 2b45089dda26eba6c04313b636ac6d90
         http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody5_hppa.deb
          Size/MD5 checksum:   891114 b777e3971bfcf3fabcd8f00a6356f193
         http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody5_hppa.deb
          Size/MD5 checksum:   587064 b06b99057dce7e6501e716d65f8e75f9
    
      Motorola 680x0 architecture:
    
         http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody5_m68k.deb
          Size/MD5 checksum:   347890 5d0c289522098f0f209df8444bb59b9e
         http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody5_m68k.deb
          Size/MD5 checksum:   820892 ec0656021adabae1022b461b882775b0
         http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody5_m68k.deb
          Size/MD5 checksum:   537236 280185606f9d5160454bc355818007fa
    
      Big endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody5_mips.deb
          Size/MD5 checksum:   376464 a94cf93b405cf05372fc5d4f8bf7672f
         http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody5_mips.deb
          Size/MD5 checksum:   843944 cb9e216b23a38b6d39296ce8b7ccf996
         http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody5_mips.deb
          Size/MD5 checksum:   576406 7cfff44064ce0f2a02c9cbb97b068d83
    
      Little endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody5_mipsel.deb
          Size/MD5 checksum:   376518 770cd115049bb2158e201549cc35520a
         http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody5_mipsel.deb
          Size/MD5 checksum:   842596 3b85507e74eb531d61429befd63ece53
         http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody5_mipsel.deb
          Size/MD5 checksum:   565592 2399177b56c48b52abe29ff6a48d5299
    
      PowerPC architecture:
    
         http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody5_powerpc.deb
          Size/MD5 checksum:   366994 679d12a1cef75a8aa5b3408ab5c0bd79
         http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody5_powerpc.deb
          Size/MD5 checksum:   846036 7188ed09e4fc2a18fbb426516f57fe8b
         http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody5_powerpc.deb
          Size/MD5 checksum:   558974 e42357dd7be10c9bbc2b36a865792f5b
    
      IBM S/390 architecture:
    
         http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody5_s390.deb
          Size/MD5 checksum:   363750 c5e1a6db42fce09c1e4076640894cb4f
         http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody5_s390.deb
          Size/MD5 checksum:   832464 3df3958b908e8f3acbe05f3e6acc032f
         http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody5_s390.deb
          Size/MD5 checksum:   559418 ef6af5cb54b3f4da25be386bf2c89ec7
    
      Sun Sparc architecture:
    
         http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody5_sparc.deb
          Size/MD5 checksum:   360892 ed75775f79c9ed173c9e0baf2450be01
         http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody5_sparc.deb
          Size/MD5 checksum:   847292 b54050e25ac6166e390dd72018538bcf
         http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody5_sparc.deb
          Size/MD5 checksum:   544812 d3b7f0401f78d5f4d87e724d0f17f30f
    
      These files will probably be moved into the stable distribution on
      its next revision.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and  http://packages.debian.org/
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"64","type":"x","order":"1","pct":57.14,"resources":[]},{"id":"88","title":"Should be more technical","votes":"15","type":"x","order":"2","pct":13.39,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"33","type":"x","order":"3","pct":29.46,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.