SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Web Server/CGI)  >  Apache Vendors:  Apache Software Foundation
Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
SecurityTracker Alert ID:  1012414
SecurityTracker URL:  http://securitytracker.com/id?1012414
CVE Reference:  CAN-2004-1082   (Links to External Site)
Date:  Dec 3 2004
Impact:  User access via local system
Fix Available:  Yes   Vendor Confirmed:  Yes  
Description:  A vulnerability was reported in Apache mod_digest_apple. A remote user can replay previously recorded authentication credentials.

Apple reported that that a remote user may be able to exploit this flaw to gain access to the target web service.
Impact:  A remote user may be able to gain access to the target web service or an application running on the target web service.
Solution:  Apple has issued a fix as part of Security Update 2004-12-02, available at:

- Software Update preferences

- Apple Downloads:

http://www.apple.com/swupdates/
Vendor URL:  httpd.apache.org/ (Links to External Site)
Cause:  Authentication error
Underlying OS:  UNIX (OS X)
Underlying OS Comments:  Mac OS X Server v10.3.6, Mac OS X Server v10.2.8

Message History:   None.

 Source Message Contents
Date:  Thu, 2 Dec 2004 16:38:30 -0500
Subject:  [none]

 
 
Security Update 2004-12-02
 
Apache
Available for: Mac OS X Server v10.3.6, Mac OS X Server v10.2.8
CVE-ID: CAN-2004-1082 
Impact: Apache mod_digest_apple authentication is vulnerable to replay attacks.
Description: The Mac OS X Server specific mod_digest_apple is based on Apache's 
mod_digest. Multiple corrections for a replay problem in mod_digest were made in 
versions 1.3.31 and 1.3.32 of Apache (CAN-2003-0987). This update corrects the replay 
problem in mod_digest_apple authentication using the modifications made to Apache 
1.3.32.
 
 
Apache
Available for: Mac OS X v10.3.6, Mac OS X Server v10.3.6, Mac OS X v10.2.8, Mac OS X 
Server v10.2.8
CVE-ID: CAN-2003-0020, CAN-2003-0987, CAN-2004-0174, CAN-2004-0488, CAN-2004-0492, CAN-2004-0885, CAN
-2004-0940
Impact: Multiple vulnerabilities in Apache and mod_ssl including local privilege 
escalation, remote denial of service and in some modified configurations execution of 
arbitrary code.
Description: The Apache Group fixed a number of vulnerabilities between versions 1.3.29 
and 1.3.33. The Apache Group security page for Apache 1.3 is located at 
http://www.apacheweek.com/features/security-13. The previously installed version of 
Apache was 1.3.29. The default installation of Apache does not enable mod_ssl. This 
update fixes all of applicable issues by updating Apache to version 1.3.33 and the 
companion mod_ssl to version 2.8.22.
 
 
Apache
Available for: Mac OS X v10.3.6, Mac OS X Server v10.3.6, Mac OS X v10.2.8, Mac OS X 
Server v10.2.8
CVE-ID: CAN-2004-1083
Impact: Apache configurations did not fully block access to ".DS_Store" files or those 
starting with ".ht".
Description: A default Apache configuration blocks access to files starting with ".ht" 
in a case sensitive way. The Apple HFS+ filesystem performs file access in a case 
insensitive way. The Finder may also create .DS_Store files containing the names of 
files in locations used to serve web pages. This update modifies the Apache 
configuration to restricts access to all files beginning with ".ht" or ".DS_S" 
regardless of capitalization. More...
 
 
Apache
Available for: Mac OS X v10.3.6, Mac OS X Server v10.3.6, Mac OS X v10.2.8, Mac OS X 
Server v10.2.8
CVE-ID: CAN-2004-1084
Impact: File data and resource fork content can be retrieved via HTTP bypassing normal 
Apache file handlers.
Description: The Apple HFS+ filesystem permits files to have multiple data streams. 
These data streams can be directly accessed using special filenames. A specially 
crafted HTTP request can bypass an Apache file handler and directly access file data or 
resource fork content. This update modifies the Apache configuration to deny requests 
for file data or resource fork content via their special filenames. For more 
information, see this document. Credit to NetSec for reporting this issue.
 
 
Apache 2
Available for: Mac OS X Server v10.3.6, Mac OS X Server v10.2.8
CVE-ID: CAN-2004-0747, CAN-2004-0786, CAN-2004-0751, CAN-2004-0748
Impact: Modified Apache 2 configurations could permit a privilege escalation for local 
users and remote denial of service.
Description: A customer-modified Apache 2 configuration, where AllowOverride has been 
enabled, could permit a local user to execute arbitrary code as the Apache (www) user. 
An unmodified configuration is not vulnerable to this problem. This update also 
addresses bugs in Apache that could allow certain types of requests to crash the 
server. Apache is updated to version 2.0.52. Apache 2 ships only with Mac OS X Server, 
and is off by default.


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2004, SecurityGlobal.net LLC