Bug 108639 - CAN-2003-0542 Local buffer overflow in mod_alias, mod_rewrite
Summary: CAN-2003-0542 Local buffer overflow in mod_alias, mod_rewrite
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: apache (Show other bugs)
(Show other bugs)
Version: 7.3
Hardware: i386 Linux
medium
medium
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Brian Brock
URL: http://www.apacheweek.com/features/se...
Whiteboard:
Keywords: Security
: 102443 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2003-10-30 20:47 UTC by Simon Brady
Modified: 2007-04-18 16:58 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-12-18 09:24:29 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Proposed patch against 1.3.27-3, backported from 1.3.29 (5.56 KB, patch)
2003-11-27 16:53 UTC, Jan Iven
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2003:405 normal SHIPPED_LIVE : Updated apache packages fix minor security vulnerability 2003-12-18 05:00:00 UTC

Description Simon Brady 2003-10-30 20:47:32 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030703

Description of problem:
There are locally exploitabe buffer overflows in mod_alias and mod_rewrite
(CAN-2003-0542) in apache < 1.3.29. These are a serious issue for providers
whose users can upload .htaccess files. Please upgrade (preferred) or backport
the fixes.

Version-Release number of selected component (if applicable):
apache-1.3.27-3

How reproducible:
Always

Steps to Reproduce:
1.Install apache-1.3.27
2.
3.
    

Actual Results:  My system is vulnerable to local attack

Expected Results:  It shouldn't be

Additional info:

This bug supercedes #102433.

Comment 1 Jan Iven 2003-11-27 16:53:24 UTC
Created attachment 96228 [details]
Proposed patch against 1.3.27-3, backported from 1.3.29

Backported patch, with revision number changed to indicate the hole has been
fixed (_please_ keep something like this, otherwise we'll never know on site
whetehr all machine have been fixed..). Compiles, but not tested yet.

Comment 2 Joe Orton 2003-12-09 16:50:35 UTC
*** Bug 102443 has been marked as a duplicate of this bug. ***

Comment 3 Jan Iven 2003-12-09 17:38:19 UTC
Btw, we have tested and deployed the patched version in production and
so far seem to run fine.

Comment 4 Mark J. Cox 2003-12-18 09:24:29 UTC
An errata has been issued which should help the problem described in this bug report. 
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen 
this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2003-405.html



Note You need to log in before you can comment on or make changes to this bug.