Bug 231065 - (CVE-2004-2680) CVE-2004-2680 mod_python arbitrary data disclosure flaw
CVE-2004-2680 mod_python arbitrary data disclosure flaw
Status: CLOSED WONTFIX
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Joe Orton
public=20040416,reported=20070302,sou...
: Security
: 236578 (view as bug list)
Depends On:
Blocks: 234251 426368
  Show dependency treegraph
 
Reported: 2007-03-05 16:57 EST by Josh Bressers
Modified: 2012-02-23 23:38 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-08-01 14:44:52 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Upstream patch (582 bytes, patch)
2007-03-05 16:57 EST, Josh Bressers
no flags Details | Diff

  None (edit)
Description Josh Bressers 2007-03-05 16:57:41 EST
A rather old mod_python flaw has recently been brought to our attention by Kees
Cook from Ubuntu.

This flaw is described here:
http://mail-archives.apache.org/mod_mbox/httpd-python-dev/200404.mbox/%3cCD485B27-8F3E-11D8-934B-000A95B0D772@pixar.com%3e

This flaw also affects RHEL2.1 and RHEL3.
Comment 1 Josh Bressers 2007-03-05 16:57:41 EST
Created attachment 149298 [details]
Upstream patch
Comment 2 Joe Orton 2007-03-06 04:03:29 EST
I'm not convinced this should be considered a security issue.

The bug in question can only triggered by use of an output filter; such an
output filter could already execute arbitrary code with the privileges of the
"apache" user.
Comment 3 Josh Bressers 2007-03-06 07:33:47 EST
That was my initial impression as well, but after thinking about this flaw for a
bit, it is possible for a remote users to leverage this to expose random memory.
 I'm thinking an instance where an attacker can cause the page in question to
return a great deal of data, which would also contain our random memory.

I know this is unlikely, which is why I've rated the flaw as low.
Comment 4 Joe Orton 2007-03-06 08:34:34 EST
Fair enough.  This issue only affects mod_python versions which work with httpd
2.x, so the RHEL2.1 mod_python package is not affected by this issue.
Comment 6 Joe Orton 2007-04-16 11:44:28 EDT
*** Bug 236578 has been marked as a duplicate of this bug. ***
Comment 14 Josh Bressers 2011-08-01 14:44:52 EDT
Statement:

The Red Hat Security Response Team has rated this issue as having low security impact. We no longer plan to fix this flaw in Red Hat Enterprise Linux 4.

Note You need to log in before you can comment on or make changes to this bug.