A rather old mod_python flaw has recently been brought to our attention by Kees Cook from Ubuntu. This flaw is described here: http://mail-archives.apache.org/mod_mbox/httpd-python-dev/200404.mbox/%3cCD485B27-8F3E-11D8-934B-000A95B0D772@pixar.com%3e This flaw also affects RHEL2.1 and RHEL3.
Created attachment 149298 [details] Upstream patch
I'm not convinced this should be considered a security issue. The bug in question can only triggered by use of an output filter; such an output filter could already execute arbitrary code with the privileges of the "apache" user.
That was my initial impression as well, but after thinking about this flaw for a bit, it is possible for a remote users to leverage this to expose random memory. I'm thinking an instance where an attacker can cause the page in question to return a great deal of data, which would also contain our random memory. I know this is unlikely, which is why I've rated the flaw as low.
Fair enough. This issue only affects mod_python versions which work with httpd 2.x, so the RHEL2.1 mod_python package is not affected by this issue.
*** Bug 236578 has been marked as a duplicate of this bug. ***
Statement: The Red Hat Security Response Team has rated this issue as having low security impact. We no longer plan to fix this flaw in Red Hat Enterprise Linux 4.