[linux-security] Apache 2 DoS vulnerability; possibly remote exploit
- To: linux-security
- Subject: [linux-security] Apache 2 DoS vulnerability; possibly remote exploit
- From: Martin Siegert <siegert@sfu.ca>
- Date: Sat, 31 May 2003 16:38:39 -0700
- User-Agent: Mutt/1.4.1i
Topic
=====
DoS vulnerability and possibly remote exploit in Apache version 2
Problem Description
===================
Two vulnerabilities were discovered in the Apache web server that affect
all 2.x versions prior to 2.0.46. The first vulnerability could be triggered
remotely through mod_dav and possibly other mechanisms, causing an Apache
child process to crash resulting in a denial-of-service attack. This
vulnerability may also allow execution of arbitrary code.
The second vulnerability affects basic authentication on Unix platforms and
is related to thread-safety in apr_password_validate(). This vulnerability
can result in a DoS attack.
Affected Versions
=================
Apache versions 2.x prior to 2.0.46
Solution
========
Upgrade to version 2.0.46 (or the patched version for your distribution).
RedHat 8.0
----------
rpm -Fvh httpd-2.0.40-11.5.i386.rpm \
httpd-devel-2.0.40-11.5.i386.rpm \
httpd-manual-2.0.40-11.5.i386.rpm \
mod_ssl-2.0.40-11.5.i386.rpm
restart the web server afterwards: /etc/init.d/httpd restart
RedHat 9
--------
rpm -Fvh httpd-2.0.40-21.3.i386.rpm \
httpd-devel-2.0.40-21.3.i386.rpm \
httpd-manual-2.0.40-21.3.i386.rpm \
mod_ssl-2.0.40-21.3.i386.rpm
restart the web server afterwards: /etc/init.d/httpd restart
Mandrake 9.1
------------
rpm -Fvh apache-conf-2.0.45-2.1mdk.i586.rpm \
apache2-2.0.45-4.3mdk.i586.rpm \
apache2-common-2.0.45-4.3mdk.i586.rpm \
apache2-devel-2.0.45-4.3mdk.i586.rpm \
apache2-manual-2.0.45-4.3mdk.i586.rpm \
apache2-mod_dav-2.0.45-4.3mdk.i586.rpm \
apache2-mod_ldap-2.0.45-4.3mdk.i586.rpm \
apache2-mod_ssl-2.0.45-4.3mdk.i586.rpm \
apache2-modules-2.0.45-4.3mdk.i586.rpm \
apache2-source-2.0.45-4.3mdk.i586.rpm \
libapr0-2.0.45-4.3mdk.i586.rpm
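
The script below is an added example, not part of the original advisory: it checks an installed Apache 2 version-release string against the fixed builds listed above, and shows why a distribution package must be compared with its own fixed build rather than with upstream 2.0.46. The platform keys, function names and sample inputs are made up for the example.

```bash
#!/usr/bin/env bash
# Added example. Fixed builds come from the advisory; the platform keys
# (redhat-8.0, redhat-9, mandrake-9.1, upstream) are names chosen here.

# First fixed version-release for each platform named in the advisory.
fixed_build() {
    case "$1" in
        redhat-8.0)   echo "2.0.40-11.5" ;;
        redhat-9)     echo "2.0.40-21.3" ;;
        mandrake-9.1) echo "2.0.45-4.3mdk" ;;
        upstream)     echo "2.0.46" ;;
        *)            return 1 ;;
    esac
}

# ver_ge A B: true when A >= B. Uses GNU `sort -V`, an approximation of
# rpm's own comparison that is adequate for the strings handled here.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# check_apache PLATFORM VERSION-RELEASE
# Prints patched, vulnerable, out-of-scope or unknown-platform.
check_apache() {
    local fixed
    fixed=$(fixed_build "$1") || { echo "unknown-platform"; return 2; }
    case "$2" in
        2.*) ;;                                  # advisory covers 2.x only
        *)   echo "out-of-scope"; return 0 ;;
    esac
    if ver_ge "$2" "$fixed"; then echo "patched"; else echo "vulnerable"; fi
}

# Constructed sample inputs. On a live host the second field would come from
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' httpd      (apache2 on Mandrake)
while read -r platform build; do
    printf '%-13s %-15s %s\n' "$platform" "$build" \
        "$(check_apache "$platform" "$build")"
done <<'EOF'
redhat-9 2.0.40-21.3
upstream 2.0.40-21.3
redhat-8.0 2.0.40-8
mandrake-9.1 2.0.45-4.3mdk
EOF
```

The second sample line is the false positive a plain comparison against upstream produces: the Red Hat 9 build 2.0.40-21.3 carries the fix yet sorts below 2.0.46.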