Bug 967615 (CVE-2013-2765)

Summary: mod_security: NULL pointer dereference (DoS, crash) when forceRequestBodyVariable action triggered and unknown Content-Type was used
Product: [Other] Security Response Reporter: Athmane Madjoudj <athmanem>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: athmanem, dkopecek, jlieskov, jrusnack, pvrabec
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: impact=moderate,public=20130527,reported=20130527,source=researcher,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,fedora-all/mod_security=affected,epel-all/mod_security=affected,cwe=CWE-476[auto]
Fixed In Version: ModSecurity-2.7.4 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 967775, 967776    
Bug Blocks:    

Description Athmane Madjoudj 2013-05-27 15:26:04 UTC
Description of problem:


Modsecurity 2.7.4 was released today, according to the changelog there a null pointer dereference flaw


.....

Security Issues:

    * Fixed Remote Null Pointer DeReference (CVE-2013-2765). When forceRequestBodyVariable action is triggered and a unknown Content-Type is used,
      mod_security will crash trying to manipulate msr->msc_reqbody_chunks->elts however msr->msc_reqbody_chunks is NULL. (Thanks Younes JAAIDI).

......

URL: https://raw.github.com/SpiderLabs/ModSecurity/master/CHANGES

Comment 1 Athmane Madjoudj 2013-05-27 15:35:12 UTC
PS.
I'm mod_security maintainer, I'll prepare an update once the child bugreports for fedora and epel are created.

Thanks.

Comment 3 Jan Lieskovsky 2013-05-28 10:07:46 UTC
This issue affects the versions of the mod_security package, as shipped with Fedora release of 17 and 18. Please schedule an update.

--

This issue affects the versions of the mod_security package, as shipped with Fedora EPEL-5 and Fedora EPEL-6. Please schedule an update.

Comment 4 Jan Lieskovsky 2013-05-28 10:08:33 UTC
Created mod_security tracking bugs for this issue

Affects: fedora-all [bug 967775]
Affects: epel-all [bug 967776]

Comment 5 Fedora Update System 2013-06-06 01:34:10 UTC
mod_security-2.7.3-2.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2013-06-06 01:39:07 UTC
mod_security-2.7.3-2.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2013-06-06 02:23:55 UTC
mod_security-2.7.3-2.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2013-06-12 20:08:12 UTC
mod_security-2.7.3-2.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2013-06-12 20:09:25 UTC
mod_security-2.6.8-4.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.