Bug 66905
Summary: | chunk-encoded HTTP vulnerability | ||
---|---|---|---|
Product: | [Retired] Stronghold Cross Platform | Reporter: | Need Real Name <nrosenb2> |
Component: | apache | Assignee: | Mark J. Cox <mjc> |
Status: | CLOSED ERRATA | QA Contact: | Stronghold Engineering List <stronghold-eng-list> |
Severity: | medium | Docs Contact: | |
Priority: | high | ||
Version: | 4.0 | CC: | basil, lablua, mp |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | sparc | ||
OS: | Linux | ||
Doc Type: | Bug Fix | ||
Last Closed: | 2002-06-20 13:30:29 UTC | Type: | --- |
Description
Need Real Name
2002-06-18 11:31:31 UTC
Anyone care to give it a run?

http://www.iddl.vt.edu/~jackie/apache-1.3.26-0.src.rpm
http://www.iddl.vt.edu/~jackie/apache-1.3.26-0.i386.rpm
http://www.iddl.vt.edu/~jackie/apache-devel-1.3.26-0.i386.rpm
http://www.iddl.vt.edu/~jackie/apache-manual-1.3.26-0.i386.rpm

Official errata packages will be available from the URL below shortly, once they have gone through our QA and release procedure.

http://rhn.redhat.com/errata/RHSA-2002-103.html

It has been proven to work on *nix/32, despite what Apache.org declared. Please have a look at this code:

http://online.securityfocus.com/attachment/2002-06-20/apache-scalp.c

The RPM fix for this issue from Red Hat Network leaves the httpd stopped. It does not restart it if it was started when the update agent process was started. This seems like The Wrong Thing to do, IMHO.

Note that this bug was filed against the Stronghold product. New builds of Stronghold 3 are now available from http://stronghold.redhat.com/sh3/ which include a fix for this problem. For Red Hat Linux, see http://rhn.redhat.com/errata/RHSA-2002-103.html as mentioned above.