Bug 231065 (CVE-2004-2680)

Summary: CVE-2004-2680 mod_python arbitrary data disclosure flaw
Product: [Other] Security Response Reporter: Josh Bressers <bressers>
Component: vulnerabilityAssignee: Joe Orton <jorton>
Status: CLOSED WONTFIX QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: mpoole, tao
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-08-01 18:44:52 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 234251, 426368    
Attachments:
Description Flags
Upstream patch none

Description Josh Bressers 2007-03-05 21:57:41 UTC 
A rather old mod_python flaw has recently been brought to our attention by Kees
Cook from Ubuntu.

This flaw is described here:
http://mail-archives.apache.org/mod_mbox/httpd-python-dev/200404.mbox/%3cCD485B27-8F3E-11D8-934B-000A95B0D772@pixar.com%3e

This flaw also affects RHEL2.1 and RHEL3.
Comment 1 Josh Bressers 2007-03-05 21:57:41 UTC 
Created attachment 149298 [details]
Upstream patch
Comment 2 Joe Orton 2007-03-06 09:03:29 UTC 
I'm not convinced this should be considered a security issue.

The bug in question can only triggered by use of an output filter; such an
output filter could already execute arbitrary code with the privileges of the
"apache" user.
Comment 3 Josh Bressers 2007-03-06 12:33:47 UTC 
That was my initial impression as well, but after thinking about this flaw for a
bit, it is possible for a remote users to leverage this to expose random memory.
 I'm thinking an instance where an attacker can cause the page in question to
return a great deal of data, which would also contain our random memory.

I know this is unlikely, which is why I've rated the flaw as low.
Comment 4 Joe Orton 2007-03-06 13:34:34 UTC 
Fair enough.  This issue only affects mod_python versions which work with httpd
2.x, so the RHEL2.1 mod_python package is not affected by this issue.
Comment 6 Joe Orton 2007-04-16 15:44:28 UTC 
*** Bug 236578 has been marked as a duplicate of this bug. ***
Comment 14 Josh Bressers 2011-08-01 18:44:52 UTC 
Statement:

The Red Hat Security Response Team has rated this issue as having low security impact. We no longer plan to fix this flaw in Red Hat Enterprise Linux 4.