Bug 769844 (CVE-2011-3607)
Summary: | CVE-2011-3607 httpd: ap_pregsub Integer overflow to buffer overflow | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Ramon de C Valle <rcvalle> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | bressers, jkaluza, jorton, pcheung, rcvalle, security-response-team, weli, wnefal+redhatbugzilla |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Fixed In Version: | httpd 2.2.22 | Doc Type: | Bug Fix |
Last Closed: | 2012-05-07 19:34:11 UTC | Type: | --- |
Bug Depends On: | 746695, 746696, 746697, 785070, 787596, 787597, 787598, 787599 | ||
Bug Blocks: | 750936 |
Description
Ramon de C Valle
2011-12-22 13:44:51 UTC
This issue was originally tracked with CVE-2011-4415 via bug #750935.

A patch for this issue was added upstream to trunk (future 2.4.x httpd versions) via the following commit:
http://svn.apache.org/viewvc?view=revision&revision=1198940

That fix is not applicable to older httpd versions, such as 2.2.x. There is still ongoing upstream discussion on how to address this in older httpd versions:
http://thread.gmane.org/gmane.comp.apache.devel/46260

There is still no follow-up on this discussion.

The following fix is already committed in upstream SVN for 2.2.x:
http://svn.apache.org/viewvc?view=revision&revision=1227280

These are the only exploits/reproducers currently available/released for this:
http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/DemoExploit.html

This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2012:0128 https://rhn.redhat.com/errata/RHSA-2012-0128.html

This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Via RHSA-2012:0323 https://rhn.redhat.com/errata/RHSA-2012-0323.html

This issue has been addressed in the following products:
JBoss Enterprise Web Server 1.0.2
Via RHSA-2012:0543 https://rhn.redhat.com/errata/RHSA-2012-0543.html

This issue has been addressed in the following products:
JBEWS 1.0 for RHEL 5
JBEWS 1.0 for RHEL 6
Via RHSA-2012:0542 https://rhn.redhat.com/errata/RHSA-2012-0542.html