Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 77338 - Apache and mod_ssl updates
Summary: Apache and mod_ssl updates
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: apache
Version: 2.1
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2002-11-05 13:41 UTC by Mark J. Cox
Modified: 2007-11-30 22:06 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2003-09-09 15:13:48 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2002:251 normal SHIPPED_LIVE Important: apache security update 2002-10-07 04:00:00 UTC

Description Mark J. Cox 2002-11-05 13:41:49 UTC
Buffer overflows in the ApacheBench support program (ab.c) in Apache
versions prior to 1.3.27, and Apache versions 2.x prior to 2.0.43, allow a
malicious Web server to cause a denial of service and possibly execute
arbitrary code via a long response. The Common Vulnerabilities and
Exposures project has assigned the name CAN-2002-0843 to this issue.

Two cross-site scripting vulnerabilities are present in the error pages
for the default "404 Not Found" error, and for the error response when a
plain HTTP request is received on an SSL port. Both of these issues are
only exploitable if the "UseCanonicalName" setting has been changed to
"Off", and wildcard DNS is in use. These issues would allow remote
attackers to execute scripts as other Web page visitors, for instance, to
steal cookies. These issues affect versions of Apache 1.3 before 1.3.26,
versions of Apache 2.0 before 2.0.43, and versions of mod_ssl before
2.8.12. The Common Vulnerabilities and Exposures project has assigned the
names CAN-2002-0840 and CAN-2002-1157 to these issues.

The shared memory scoreboard in the HTTP daemon for Apache 1.3.x, prior to
version 1.3.27, allowed a user running as the "apache" UID to send a
SIGUSR1 signal to any process as root, resulting in a denial of service
(process kill) or other such behavior that would not normally be allowed.
The Common Vulnerabilities and Exposures project has assigned the name
CAN-2002-0839 to this issue.

Comment 1 Nalin Dahyabhai 2002-11-05 16:42:32 UTC
*** Bug 77318 has been marked as a duplicate of this bug. ***

Comment 3 Mark J. Cox 2003-09-09 15:13:49 UTC
An errata has been issued which should help the problem described in this bug report. 
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen 
this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2002-251.html


Comment 4 Mark J. Cox 2003-09-09 15:14:31 UTC
(missed closing this off earlier as it wasn't marked at security level)


Note You need to log in before you can comment on or make changes to this bug.