Bug 131900 - CAN-2004-0747/51/86 Apache issues
Summary: CAN-2004-0747/51/86 Apache issues
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: httpd
Version: 3.0
Hardware: All Linux
Assignee: Joe Orton
Keywords: Security
Reported: 2004-09-06 15:04 UTC by Joe Orton
Modified: 2007-11-30 22:07 UTC (History)
Doc Type: Bug Fix
Last Closed: 2004-09-15 15:17:42 UTC

External Trackers
Tracker: Red Hat Product Errata
ID: RHSA-2004:463
Priority: high
Status: SHIPPED_LIVE
Summary: Moderate: httpd security update
Last Updated: 2004-09-15 04:00:00 UTC

Description Joe Orton 2004-09-06 15:04:05 UTC
CAN-2004-0786 is an issue in the apr-util library in the parsing of
IPv6 literal addresses, and results in a negative length argument
being passed to a memcpy call.  This is not known to allow arbitrary
code execution.

CAN-2004-0747 is a buffer overflow in the parsing of configuration
directives (including .htaccess files), which allows possible
privilege escalation.

CAN-2004-0751 is an issue in mod_ssl where a request proxied to a
malicious remote SSL server (for instance using SSLProxyEngine On)
could force a memcpy call with a negative length parameter.

CAN-2004-0747 and CAN-2004-0786 are embargoed until September 15th,
2004 at 14:00 BST.  CAN-2004-0751 was reported via the upstream
bugzilla database.
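
The failure mode the description names for CAN-2004-0786 and CAN-2004-0751, a signed length that goes negative and is then handed to memcpy, shown as an added example that is not part of the original report and is not apr-util or mod_ssl code. The bracketed-literal parser, the function names `naive_v6_len` and `copy_v6_host`, and the sample inputs are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed for illustration: length of the address inside a bracketed
 * literal such as "[::1]:80", computed the careless way. It assumes both
 * brackets are present and subtracts 2 for them without checking. */
ptrdiff_t naive_v6_len(const char *hostinfo)
{
    const char *close = strchr(hostinfo, ']');
    const char *host_end = close ? close + 1 : hostinfo + strlen(hostinfo);

    /* For the input "[" this is 1 - 2 = -1. Passed to memcpy, whose length
     * parameter is size_t, -1 converts to SIZE_MAX. */
    return host_end - hostinfo - 2;
}

/* Hardened form: validate the structure first, then range-check the signed
 * length before it is ever converted to size_t.
 * Returns the number of bytes copied, or -1 if the input is rejected. */
int copy_v6_host(const char *hostinfo, char *dst, size_t dstlen)
{
    const char *close;
    ptrdiff_t len;

    if (hostinfo == NULL || dst == NULL || hostinfo[0] != '[')
        return -1;
    close = strchr(hostinfo, ']');
    if (close == NULL)
        return -1;                      /* unterminated literal */
    len = close - (hostinfo + 1);
    if (len <= 0 || (size_t)len >= dstlen)
        return -1;                      /* empty, or no room for the NUL */
    memcpy(dst, hostinfo + 1, (size_t)len);
    dst[len] = '\0';
    return (int)len;
}
```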

Comment 1 Mark J. Cox 2004-09-14 08:01:01 UTC

An issue was discovered in the mod_dav module which could be triggered
for a location where WebDAV authoring access has been configured. A
malicious remote client which is authorized to use the LOCK method
could force an httpd child process to crash by sending a particular
sequence of LOCK requests. This issue does not allow execution of
arbitrary code. This issue also does not represent a significant
Denial of Service attack as requests will continue to be handled by
other Apache child processes. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-0809 to this

Comment 2 Josh Bressers 2004-09-15 14:01:16 UTC
Remove embargo

Comment 3 Josh Bressers 2004-09-15 15:17:42 UTC
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.

