Debian: libapache-mod-dav potential denial of service

    Date: 06 Oct 2004
    Category: Debian
    Posted By: LinuxSecurity Advisories
    Julian Reschke reported a problem in mod_dav of Apache 2 in connection with a NULL pointer dereference. When running in a threaded model, especially with Apache 2, a segmentation fault can take out a whole process and hence create a denial of service for the whole server.
    
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 558-1
    http://www.debian.org/security/                             Martin Schulze
    October 6th, 2004                        http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : libapache-mod-dav
    Vulnerability  : null pointer dereference
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CAN-2004-0809
    
    Julian Reschke reported a problem in mod_dav of Apache 2 in connection
    with a NULL pointer dereference.  When running in a threaded model,
    especially with Apache 2, a segmentation fault can take out a whole
    process and hence create a denial of service for the whole server.
    
    For the stable distribution (woody) this problem has been fixed in
    version 1.0.3-3.1.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 1.0.3-10 of libapache-mod-dav and in version 2.0.51-1 of
    Apache 2.
    
    We recommend that you upgrade your mod_dav packages.
    
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Package info: `apt-cache show <pkg>' and  http://packages.debian.org/
    
    