Bug 110258 - CAN-2003-0789/CAN-2003-0542 Apache updates
Summary: CAN-2003-0789/CAN-2003-0542 Apache updates
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: httpd (Show other bugs)
(Show other bugs)
Version: 9
Hardware: All Linux
Target Milestone: ---
Assignee: Joe Orton
QA Contact: David Lawrence
URL: http://www.apache.org/dist/httpd/Anno...
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 2003-11-17 17:32 UTC by Matthew Crawford
Modified: 2007-04-18 16:59 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2003-12-19 13:26:33 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Matthew Crawford 2003-11-17 17:32:48 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.23; Mac_PowerPC)

Description of problem:
Apache reports that both CVE CAN-2003-078 and CAN-2003-0542 needs to 
be patched for any version previous to 2.0.48. 

See http://www.apache.org/dist/httpd/Announcement2.html

mod_cgid mishandling of CGI redirect paths could result in CGI output 
going to the wrong client when a threaded MPM is used.

mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not 
properly handle CGI redirect paths, which could cause Apache to send 
the output of a CGI program to the wrong client.


A buffer overflow could occur in mod_alias and mod_rewrite when a 
regular expression with more than 9 captures is configured.

Multiple stack-based buffer overflows in (1) mod_alias and (2) 
mod_rewrite for Apache could allow attackers to can create 
configuration files to cause a denial of service (crash) or execute 
arbitrary code via a regular expression with more than 9 captures.

Version-Release number of selected component (if applicable):
Anything before 2.0.48

How reproducible:

Steps to Reproduce:
1. Have a version of apache before 2.0.48

Additional info:

Comment 1 Joe Orton 2003-11-18 14:30:09 UTC
An erratum update will be available soon to fix this issue, test
packages are available here: http://people.redhat.com/jorton/9-httpd/

Comment 2 Mark J. Cox 2003-11-25 16:15:29 UTC
Note: CAN-2003-0789 not CAN-2003-078

Comment 3 Barry K. Nathan 2003-12-15 09:01:59 UTC
Joe Orton's packages actually did "eat [my] server" in a sense (but
that's OK):

# service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd: Syntax error on line 349 of /etc/httpd/conf/httpd.conf:
Multiple <LocationMatch> arguments not (yet) supported.

Using the httpd.conf from 2.0.40-21.5 instead of the one that comes
with 2.0.40-21.7 allows httpd to actually start and (as far as I can
tell) work...

Comment 4 Joe Orton 2003-12-15 09:10:08 UTC
Oh, yes, the -21.7 packages are buggy... I'm just uploading -21.8
which don't have that problem.

Comment 5 Barry K. Nathan 2003-12-15 13:06:16 UTC
I've verified that -21.8 isn't obviously buggy (that is, it seems to
run OK). I haven't pounded -21.8 hard, however, because the server on
which I tried -21.7 has just been migrated to Fedora Core.

Comment 6 Mark J. Cox 2003-12-19 13:26:33 UTC
See RHSA-2003-320 for RHL9

Note You need to log in before you can comment on or make changes to this bug.