Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 131900 - CAN-2004-0747/51/86 Apache issues
CAN-2004-0747/51/86 Apache issues
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: httpd (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Joe Orton
: Security
Depends On:
  Show dependency treegraph
Reported: 2004-09-06 11:04 EDT by Joe Orton
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-09-15 11:17:42 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2004:463 high SHIPPED_LIVE Moderate: httpd security update 2004-09-15 00:00:00 EDT

  None (edit)
Description Joe Orton 2004-09-06 11:04:05 EDT
CAN-2004-0786 is an issue in the apr-util library in the parsing of
IPv6 literal addresses, and results in a negative length argument
being passed to a memcpy call.  This is not known to allow arbitrary
code execution.

CAN-2004-0747 is a buffer overflow in the parsing of configuration
directives (including .htaccess files), which allows possible
privilege escalation.

CAN-2004-0751 is an issue in mod_ssl where a request proxied to a
malicious remote SSL server (for instance using SSLProxyEngine On)
could  force a memcpy call with a negative length parameter.

CAN-2004-0747 and CAN-2004-0786 are embargoed until September 15th,
2004 at 14:00 BST.  CAN-2004-0751 was reported via the upstream
bugzilla database.
Comment 1 Mark J. Cox 2004-09-14 04:01:01 EDT

An issue was discovered in the mod_dav module which could be triggered
for a location where WebDAV authoring access has been configured. A
malicious remote client which is authorized to use the LOCK method
could force an httpd child process to crash by sending a particular
sequence of LOCK requests. This issue does not allow execution of
arbitrary code. This issue also does not represent a significant
Denial of Service attack as requests will continue to be handled by
other Apache child processes. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-0809 to this
Comment 2 Josh Bressers 2004-09-15 10:01:16 EDT
Remove embargo
Comment 3 Josh Bressers 2004-09-15 11:17:42 EDT
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.