Bug 1326320 (CVE-2016-3110) - CVE-2016-3110 mod_cluster: remotely Segfault Apache http server
Summary: CVE-2016-3110 mod_cluster: remotely Segfault Apache http server
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2016-3110
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20160822,repor...
Depends On: 1374211 1326325 1326327 1326328 1338646 1374210
Blocks: 1326299
TreeView+ depends on / blocked
 
Reported: 2016-04-12 12:11 UTC by Timothy Walsh
Modified: 2019-06-11 11:13 UTC (History)
28 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
It was discovered that it is possible to remotely Segfault Apache http server with a specially crafted string sent to the mod_cluster via service messages (MCMP).
Clone Of:
Environment:
Last Closed: 2019-06-08 02:50:37 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:1648 normal SHIPPED_LIVE Important: Red Hat JBoss Web Server 2.1.1 security update on RHEL 7 2016-08-22 22:07:56 UTC
Red Hat Product Errata RHSA-2016:1649 normal SHIPPED_LIVE Important: Red Hat JBoss Web Server 2.1.1 security update on RHEL 6 2016-08-22 22:07:30 UTC
Red Hat Product Errata RHSA-2016:1650 normal SHIPPED_LIVE Important: Red Hat JBoss Web Server 2.1.1 security update 2016-08-22 22:07:23 UTC
Red Hat Product Errata RHSA-2016:2054 normal SHIPPED_LIVE Moderate: Red Hat JBoss Enterprise Application Platform 6.4.10 natives update on RHEL 7 2017-03-23 22:23:49 UTC
Red Hat Product Errata RHSA-2016:2055 normal SHIPPED_LIVE Moderate: Red Hat JBoss Enterprise Application Platform 6.4.10 natives update on RHEL 6 2017-02-21 05:08:14 UTC
Red Hat Product Errata RHSA-2016:2056 normal SHIPPED_LIVE Important: Red Hat JBoss Enterprise Application Platform 6.4.10 update 2016-10-12 20:57:34 UTC

Description Timothy Walsh 2016-04-12 12:11:43 UTC
It is possible to remotely Segfault
Apache http server with a specially crafted string
sent to the mod_cluster via service messages (MCMP).

Only the VirtualHost explicitly enabled by an administrator
to receive service messages from worker nodes (Tomcat or EAP workers).
Unless the administrator made a grave mistake in opening an
unsecured mod_cluster management VirtualHost to
the Internet without any authentication, it is impossible
to exploit this bug from an untrusted client.

Special set of mod_cluster management protocol HTTP method
requests. One could pass a certain number of = symbols
in sequence after a legitimate element and cause segfault.

Comment 1 Timothy Walsh 2016-04-12 12:11:54 UTC
Acknowledgments:

Name: Michal Karm Babacek

Comment 5 errata-xmlrpc 2016-08-22 18:09:24 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Web Server 2.1.1

Via RHSA-2016:1650 https://rhn.redhat.com/errata/RHSA-2016-1650.html

Comment 6 errata-xmlrpc 2016-08-22 18:11:14 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Web Server 2 for RHEL 6

Via RHSA-2016:1649 https://rhn.redhat.com/errata/RHSA-2016-1649.html

Comment 7 errata-xmlrpc 2016-08-22 18:12:07 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Web Server 2 for RHEL 7

Via RHSA-2016:1648 https://rhn.redhat.com/errata/RHSA-2016-1648.html

Comment 8 Timothy Walsh 2016-09-08 09:07:27 UTC
Created mod_cluster tracking bugs for this issue:

Affects: fedora-all [bug 1374210]
Affects: epel-6 [bug 1374211]

Comment 9 errata-xmlrpc 2016-10-12 16:59:42 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 6.4.10

Via RHSA-2016:2056 https://rhn.redhat.com/errata/RHSA-2016-2056.html

Comment 10 errata-xmlrpc 2016-10-12 17:08:35 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7

Via RHSA-2016:2054 https://rhn.redhat.com/errata/RHSA-2016-2054.html

Comment 11 errata-xmlrpc 2016-10-12 17:19:19 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6

Via RHSA-2016:2055 https://rhn.redhat.com/errata/RHSA-2016-2055.html


Note You need to log in before you can comment on or make changes to this bug.