Bug 110258 - CAN-2003-0789/CAN-2003-0542 Apache updates
Status: CLOSED ERRATA
Product: Red Hat Linux
Classification: Retired
Component: httpd
Version: 9
Hardware: All Linux
Priority: medium  Severity: medium
Assigned To: Joe Orton
QA Contact: David Lawrence
URL: http://www.apache.org/dist/httpd/Anno...
Keywords: Security
Reported: 2003-11-17 12:32 EST by Matthew Crawford
Modified: 2007-04-18 12:59 EDT (History)
Doc Type: Bug Fix
Last Closed: 2003-12-19 08:26:33 EST
Description Matthew Crawford 2003-11-17 12:32:48 EST
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.23; Mac_PowerPC)

Description of problem:
Apache reports that both CVE CAN-2003-078 and CAN-2003-0542 need to
be patched for any version previous to 2.0.48.

See http://www.apache.org/dist/httpd/Announcement2.html

mod_cgid mishandling of CGI redirect paths could result in CGI output 
going to the wrong client when a threaded MPM is used.
[CAN-2003-0789]

mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not 
properly handle CGI redirect paths, which could cause Apache to send 
the output of a CGI program to the wrong client.

------------------------------

A buffer overflow could occur in mod_alias and mod_rewrite when a 
regular expression with more than 9 captures is configured.
[CAN-2003-0542]

Multiple stack-based buffer overflows in (1) mod_alias and (2)
mod_rewrite for Apache could allow attackers who can create
configuration files to cause a denial of service (crash) or execute
arbitrary code via a regular expression with more than 9 captures.

Version-Release number of selected component (if applicable):
Anything before 2.0.48

How reproducible:
Always

Steps to Reproduce:
1. Have a version of apache before 2.0.48
Comment 1 Joe Orton 2003-11-18 09:30:09 EST
An erratum update will be available soon to fix this issue, test
packages are available here: http://people.redhat.com/jorton/9-httpd/
Comment 2 Mark J. Cox (Product Security) 2003-11-25 11:15:29 EST
Note: CAN-2003-0789 not CAN-2003-078
Comment 3 Barry K. Nathan 2003-12-15 04:01:59 EST
Joe Orton's packages actually did "eat [my] server" in a sense (but
that's OK):

# service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd: Syntax error on line 349 of /etc/httpd/conf/httpd.conf:
Multiple <LocationMatch> arguments not (yet) supported.
                                                           [FAILED]

Using the httpd.conf from 2.0.40-21.5 instead of the one that comes
with 2.0.40-21.7 allows httpd to actually start and (as far as I can
tell) work...
Comment 4 Joe Orton 2003-12-15 04:10:08 EST
Oh, yes, the -21.7 packages are buggy... I'm just uploading -21.8
which don't have that problem.
Comment 5 Barry K. Nathan 2003-12-15 08:06:16 EST
I've verified that -21.8 isn't obviously buggy (that is, it seems to
run OK). I haven't pounded -21.8 hard, however, because the server on
which I tried -21.7 has just been migrated to Fedora Core.
Comment 6 Mark J. Cox (Product Security) 2003-12-19 08:26:33 EST
See RHSA-2003-320 for RHL9
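
A defender-side check for the CAN-2003-0542 condition quoted in the description: the script below flags mod_alias and mod_rewrite directives whose regular expression has more than 9 captures, so a configuration can be reviewed before or after the update. It is an added example, not part of the bug report or of any Red Hat or Apache code; the function names, the directive table and the sample configuration are constructed for illustration, and line continuations are not handled.

```python
import re

# Regex-taking directives of mod_alias and mod_rewrite -> index of the regex argument.
REGEX_ARG = {"rewriterule": 0, "rewritecond": 1, "aliasmatch": 0,
             "scriptaliasmatch": 0, "redirectmatch": 0}
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|\S+')
NAMED = re.compile(r"\(\?(?:P?<[A-Za-z_]|')")   # PCRE named groups do capture
STATUS = re.compile(r"(?i)^(permanent|temp|seeother|gone|\d{3})$")

def count_captures(pattern):
    """Count capturing groups, skipping escapes, [...] classes and (?:...) groups."""
    count, i, in_class = 0, 0, False
    while i < len(pattern):
        c = pattern[i]
        if c == "\\":                 # escaped character, e.g. \( is a literal paren
            i += 2
            continue
        if in_class:
            in_class = c != "]"
        elif c == "[":
            in_class = True
            for lead in "^]":         # [^...] and a leading ] stay inside the class
                if pattern.startswith(lead, i + 1):
                    i += 1
        elif c == "(" and (not pattern.startswith("(?", i) or NAMED.match(pattern, i)):
            count += 1
        i += 1
    return count

def audit(config_text, limit=9):
    """Return (line_no, directive, captures) for regexes with more than `limit` captures."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), 1):
        tokens = [t[1:-1] if len(t) > 1 and t[0] == t[-1] == '"' else t
                  for t in TOKEN.findall(line.strip())]
        if not tokens or tokens[0].lower() not in REGEX_ARG:
            continue
        args, idx = tokens[1:], REGEX_ARG[tokens[0].lower()]
        if tokens[0].lower() == "redirectmatch" and args and STATUS.match(args[0]):
            idx = 1                   # optional status argument precedes the regex
        if idx < len(args) and (n := count_captures(args[idx])) > limit:
            findings.append((line_no, tokens[0], n))
    return findings

# Constructed sample configuration (not taken from the bug report).
SAMPLE = r'''
RewriteRule ^/(a)(b)(c)(d)(e)(f)(g)(h)(i)$ /ok/$1 [L]
RewriteRule "^/(a)(b)(c)(d)(e)(f)(g)(h)(i)(j)$" /bad/$1 [L]
AliasMatch ^/(?:x|y)/\((1)(2)(3)(4)(5)(6)(7)(8)(9)[()]$ /srv/$1
RedirectMatch permanent ^/(1)(2)(3)(4)(5)(6)(7)(8)(9)(10)(11)$ http://example.org/$1
'''
if __name__ == "__main__":
    for line_no, directive, n in audit(SAMPLE):
        print(f"line {line_no}: {directive} regex has {n} captures (more than 9)")
```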
