Bug 231065 (CVE-2004-2680) - CVE-2004-2680 mod_python arbitrary data disclosure flaw
Summary: CVE-2004-2680 mod_python arbitrary data disclosure flaw
Alias: CVE-2004-2680
Product: Security Response
Classification: Other
Component: vulnerability   
(Show other bugs)
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Joe Orton
QA Contact:
Whiteboard: public=20040416,reported=20070302,sou...
Keywords: Security
: 236578 (view as bug list)
Depends On:
Blocks: 234251 426368
TreeView+ depends on / blocked
Reported: 2007-03-05 21:57 UTC by Josh Bressers
Modified: 2012-02-24 04:38 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2011-08-01 18:44:52 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Upstream patch (582 bytes, patch)
2007-03-05 21:57 UTC, Josh Bressers
no flags Details | Diff

Description Josh Bressers 2007-03-05 21:57:41 UTC
A rather old mod_python flaw has recently been brought to our attention by Kees
Cook from Ubuntu.

This flaw is described here:

This flaw also affects RHEL2.1 and RHEL3.

Comment 1 Josh Bressers 2007-03-05 21:57:41 UTC
Created attachment 149298 [details]
Upstream patch

Comment 2 Joe Orton 2007-03-06 09:03:29 UTC
I'm not convinced this should be considered a security issue.

The bug in question can only triggered by use of an output filter; such an
output filter could already execute arbitrary code with the privileges of the
"apache" user.

Comment 3 Josh Bressers 2007-03-06 12:33:47 UTC
That was my initial impression as well, but after thinking about this flaw for a
bit, it is possible for a remote users to leverage this to expose random memory.
 I'm thinking an instance where an attacker can cause the page in question to
return a great deal of data, which would also contain our random memory.

I know this is unlikely, which is why I've rated the flaw as low.

Comment 4 Joe Orton 2007-03-06 13:34:34 UTC
Fair enough.  This issue only affects mod_python versions which work with httpd
2.x, so the RHEL2.1 mod_python package is not affected by this issue.

Comment 6 Joe Orton 2007-04-16 15:44:28 UTC
*** Bug 236578 has been marked as a duplicate of this bug. ***

Comment 14 Josh Bressers 2011-08-01 18:44:52 UTC

The Red Hat Security Response Team has rated this issue as having low security impact. We no longer plan to fix this flaw in Red Hat Enterprise Linux 4.

Note You need to log in before you can comment on or make changes to this bug.