Bug 967615 (CVE-2013-2765)

Summary: mod_security: NULL pointer dereference (DoS, crash) when forceRequestBodyVariable action triggered and unknown Content-Type was used
Product: [Other] Security Response Reporter: Athmane Madjoudj <athmanem>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: athmanem, dkopecek, jlieskov, jrusnack, pvrabec
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: impact=moderate,public=20130527,reported=20130527,source=researcher,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,fedora-all/mod_security=affected,epel-all/mod_security=affected,cwe=CWE-476[auto]
Fixed In Version: ModSecurity-2.7.4 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 967775, 967776    
Bug Blocks:    

Description Athmane Madjoudj 2013-05-27 11:26:04 EDT
Description of problem:


Modsecurity 2.7.4 was released today, according to the changelog there a null pointer dereference flaw


.....

Security Issues:

    * Fixed Remote Null Pointer DeReference (CVE-2013-2765). When forceRequestBodyVariable action is triggered and a unknown Content-Type is used,
      mod_security will crash trying to manipulate msr->msc_reqbody_chunks->elts however msr->msc_reqbody_chunks is NULL. (Thanks Younes JAAIDI).

......

URL: https://raw.github.com/SpiderLabs/ModSecurity/master/CHANGES
Comment 1 Athmane Madjoudj 2013-05-27 11:35:12 EDT
PS.
I'm mod_security maintainer, I'll prepare an update once the child bugreports for fedora and epel are created.

Thanks.
Comment 3 Jan Lieskovsky 2013-05-28 06:07:46 EDT
This issue affects the versions of the mod_security package, as shipped with Fedora release of 17 and 18. Please schedule an update.

--

This issue affects the versions of the mod_security package, as shipped with Fedora EPEL-5 and Fedora EPEL-6. Please schedule an update.
Comment 4 Jan Lieskovsky 2013-05-28 06:08:33 EDT
Created mod_security tracking bugs for this issue

Affects: fedora-all [bug 967775]
Affects: epel-all [bug 967776]
Comment 5 Fedora Update System 2013-06-05 21:34:10 EDT
mod_security-2.7.3-2.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 6 Fedora Update System 2013-06-05 21:39:07 EDT
mod_security-2.7.3-2.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2013-06-05 22:23:55 EDT
mod_security-2.7.3-2.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 8 Fedora Update System 2013-06-12 16:08:12 EDT
mod_security-2.7.3-2.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 9 Fedora Update System 2013-06-12 16:09:25 EDT
mod_security-2.6.8-4.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.