Red Hat Bugzilla – Bug 110258
CAN-2003-0789/CAN-2003-0542 Apache updates
Last modified: 2007-04-18 12:59:32 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.23; Mac_PowerPC)
Description of problem:
Apache reports that both CVE CAN-2003-078 and CAN-2003-0542 need to
be patched for any version previous to 2.0.48.
mod_cgid mishandling of CGI redirect paths could result in CGI output
going to the wrong client when a threaded MPM is used.
mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not
properly handle CGI redirect paths, which could cause Apache to send
the output of a CGI program to the wrong client.
A buffer overflow could occur in mod_alias and mod_rewrite when a
regular expression with more than 9 captures is configured.
Multiple stack-based buffer overflows in (1) mod_alias and (2)
mod_rewrite for Apache could allow attackers who can create
configuration files to cause a denial of service (crash) or execute
arbitrary code via a regular expression with more than 9 captures.
Version-Release number of selected component (if applicable):
Anything before 2.0.48
Steps to Reproduce:
1. Have a version of Apache before 2.0.48
An erratum update will be available soon to fix this issue; test
packages are available here: http://people.redhat.com/jorton/9-httpd/
Note: CAN-2003-0789 not CAN-2003-078
Joe Orton's packages actually did "eat [my] server" in a sense (but
# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: Syntax error on line 349 of /etc/httpd/conf/httpd.conf:
Multiple <LocationMatch> arguments not (yet) supported.
Using the httpd.conf from 2.0.40-21.5 instead of the one that comes
with 2.0.40-21.7 allows httpd to actually start and (as far as I can
Oh, yes, the -21.7 packages are buggy... I'm just uploading -21.8
which don't have that problem.
I've verified that -21.8 isn't obviously buggy (that is, it seems to
run OK). I haven't pounded -21.8 hard, however, because the server on
which I tried -21.7 has just been migrated to Fedora Core.
See RHSA-2003-320 for RHL9
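
The check below is an added example, not part of the bug report and not Red Hat or Apache code: it audits configuration text for mod_alias and mod_rewrite directives whose regular expression has more than 9 captures, the condition the report describes for CAN-2003-0542. The directive list, the helper names and the sample configuration are assumptions made for the example.

```python
import re

# Directive (lower-cased) -> position of its regex argument. Assumed list of
# regex-taking mod_alias / mod_rewrite directives; the report names only the modules.
REGEX_ARG = {"rewriterule": 0, "rewritecond": 1, "aliasmatch": 0,
             "scriptaliasmatch": 0, "redirectmatch": 0}
STATUS = {"permanent", "temp", "seeother", "gone"}  # optional RedirectMatch status
MAX_CAPTURES = 9                                    # limit stated in the report
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|\S+')        # quoted or bare argument

def count_captures(pattern):
    """Count capturing groups (simplification: named groups are not counted)."""
    p = re.sub(r"\\.", "", pattern)             # drop escaped characters, e.g. \(
    p = re.sub(r"\[\^?\]?[^\]]*\]", "", p)      # drop bracket classes, e.g. [(]
    return len(re.findall(r"\((?!\?)", p))      # '(' that does not open '(?...'

def audit(config_text):
    """Return [(line_no, directive, captures)] for regexes over MAX_CAPTURES."""
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        toks = [t[1:-1] if len(t) > 1 and t[0] == t[-1] == '"' else t
                for t in TOKEN.findall(line)]
        if not toks or toks[0].startswith("#") or toks[0].lower() not in REGEX_ARG:
            continue
        name, args = toks[0].lower(), toks[1:]
        idx = REGEX_ARG[name]
        if name == "redirectmatch" and args and (
                args[0].isdigit() or args[0].lower() in STATUS):
            idx = 1                             # regex follows the status argument
        if idx < len(args):
            captures = count_captures(args[idx])
            if captures > MAX_CAPTURES:
                findings.append((no, name, captures))
    return findings

# Constructed sample configuration (not taken from the bug report).
SAMPLE = r'''
# constructed sample
RewriteEngine On
RewriteRule ^/(a)(b)(c)(d)(e)(f)(g)(h)(i)(j)$ /x/$1 [L]
RewriteRule ^/(\d+)/\(lit\)/[(]/(?:x|y)$ /item/$1
AliasMatch "^/u/(a)(b)(c)(d)(e)(f)(g)(h)(i)(j)(k)" /srv/$1
RedirectMatch permanent ^/(old)/(.*)$ http://example.invalid/$2
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("line %d: %s has %d captures" % finding)
```

Continuation lines ending in a backslash are not joined, so a directive split across lines is checked only on its first line.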