Linux Security
    Linux Security
    Linux Security

    Debian: apache Buffer overflow vulnerability

    Posted By
    A remote user could potentially cause arbitrary code to be executed with the privileges of an Apache httpd child process (by default, user www-data).
    Debian Security Advisory DSA 525-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.                             Matt Zimmerman
    June 24th, 2004                
    - --------------------------------------------------------------------------
    Package        : apache
    Vulnerability  : buffer overflow
    Problem-Type   : remote
    Debian-specific: no
    CVE Ids        : CAN-2004-0492
    Georgi Guninski discovered a buffer overflow bug in Apache's mod_proxy
    module, whereby a remote user could potentially cause arbitrary code
    to be executed with the privileges of an Apache httpd child process
    (by default, user www-data).  Note that this bug is only exploitable
    if the mod_proxy module is in use.
    Note that this bug exists in a module in the apache-common package,
    shared by apache, apache-ssl and apache-perl, so this update is
    sufficient to correct the bug for all three builds of Apache httpd.
    However, on systems using apache-ssl or apache-perl, httpd will not
    automatically be restarted.
    For the current stable distribution (woody), this problem has been
    fixed in version 1.3.26-0woody5.
    For the unstable distribution (sid), this problem has been fixed in
    version 1.3.31-2.
    We recommend that you update your apache package.
    Upgrade Instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
      Source archives:
          Size/MD5 checksum:      668 728e205962ce1f02155cdeeae3b33596
          Size/MD5 checksum:   299155 1f6504cbb56e55b0b67b5f911dc7601a
          Size/MD5 checksum:  2586182 5cd778bbe6906b5ef39dbb7ef801de61
      Architecture independent components:
          Size/MD5 checksum:  1129912 25ce8bbf0d753fa2b7a6e26c32f34789
      Alpha architecture:
          Size/MD5 checksum:   395496 3681480dcd48c186aa3759e7a3aeabe0
          Size/MD5 checksum:   925884 5deb71887a2bda9b51a84d52809ee96d
          Size/MD5 checksum:   713886 ef9f3a034e9e995397c966c4ccb1ba14
      ARM architecture:
          Size/MD5 checksum:   361138 20108dbf929f356aeb02d9adf40317c7
          Size/MD5 checksum:   838572 bace0690140cc427ae34bc82a169ebd1
          Size/MD5 checksum:   544356 7ebfaea0a36f5661c82f8facbeb97199
      Intel IA-32 architecture:
          Size/MD5 checksum:   353488 0cb1fefd1daf2f3d3d74bc837e5dcee6
          Size/MD5 checksum:   822024 8f94a40d22fe86da3a513945745b46bd
          Size/MD5 checksum:   536422 18bec488eb2cb1f08234d063f3f018fc
      Intel IA-64 architecture:
          Size/MD5 checksum:   436866 d73b9c14b39b1ce3cecdf25c4bb7b4d3
          Size/MD5 checksum:  1012118 70574b1082626c0a63e4214ed2565965
          Size/MD5 checksum:   949112 f455cbafb0be5fdbb61841e5f538f649
      HP Precision architecture:
          Size/MD5 checksum:   386164 2b45089dda26eba6c04313b636ac6d90
          Size/MD5 checksum:   891114 b777e3971bfcf3fabcd8f00a6356f193
          Size/MD5 checksum:   587064 b06b99057dce7e6501e716d65f8e75f9
      Motorola 680x0 architecture:
          Size/MD5 checksum:   347890 5d0c289522098f0f209df8444bb59b9e
          Size/MD5 checksum:   820892 ec0656021adabae1022b461b882775b0
          Size/MD5 checksum:   537236 280185606f9d5160454bc355818007fa
      Big endian MIPS architecture:
          Size/MD5 checksum:   376464 a94cf93b405cf05372fc5d4f8bf7672f
          Size/MD5 checksum:   843944 cb9e216b23a38b6d39296ce8b7ccf996
          Size/MD5 checksum:   576406 7cfff44064ce0f2a02c9cbb97b068d83
      Little endian MIPS architecture:
          Size/MD5 checksum:   376518 770cd115049bb2158e201549cc35520a
          Size/MD5 checksum:   842596 3b85507e74eb531d61429befd63ece53
          Size/MD5 checksum:   565592 2399177b56c48b52abe29ff6a48d5299
      PowerPC architecture:
          Size/MD5 checksum:   366994 679d12a1cef75a8aa5b3408ab5c0bd79
          Size/MD5 checksum:   846036 7188ed09e4fc2a18fbb426516f57fe8b
          Size/MD5 checksum:   558974 e42357dd7be10c9bbc2b36a865792f5b
      IBM S/390 architecture:
          Size/MD5 checksum:   363750 c5e1a6db42fce09c1e4076640894cb4f
          Size/MD5 checksum:   832464 3df3958b908e8f3acbe05f3e6acc032f
          Size/MD5 checksum:   559418 ef6af5cb54b3f4da25be386bf2c89ec7
      Sun Sparc architecture:
          Size/MD5 checksum:   360892 ed75775f79c9ed173c9e0baf2450be01
          Size/MD5 checksum:   847292 b54050e25ac6166e390dd72018538bcf
          Size/MD5 checksum:   544812 d3b7f0401f78d5f4d87e724d0f17f30f
      These files will probably be moved into the stable distribution on
      its next revision.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and


    LinuxSecurity Poll

    Which aspect of server security are you most interested in learning more about?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"131","title":"Preventing information leakage","votes":"1","type":"x","order":"1","pct":100,"resources":[]},{"id":"132","title":"Firewall considerations","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"133","title":"Permissions ","votes":"0","type":"x","order":"3","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350


    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.