SecurityTracker.com
Category:   Application (Web Server/CGI)  >   Apache
Vendors:   Apache Software Foundation
Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
SecurityTracker Alert ID:  1011299
SecurityTracker URL:  http://securitytracker.com/id/1011299
CVE Reference:   CAN-2004-0786
Date:  Sep 16 2004
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 2.0.51
Description:   A vulnerability was reported in the Apache web server in the processing of IPv6 addresses. A remote user may be able to cause denial of service conditions.

The vendor reported that there is an input validation flaw in the IPv6 literal address parsing. A remote user may be able to cause a negative length parameter to be passed to a memcpy() function, resulting in a segmentation fault.

The flaw resides in 'apr-util/test/testuri.c' and 'apr-util/uri/apr_uri.c'.
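
The bug class described above (a length computed from pointer arithmetic reaching memcpy() while negative) is avoided by validating the length while it is still a signed value. The following is an added example, not code from apr-util or from the vendor's fix; the function name `copy_ipv6_literal` and the span-based interface are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper, not taken from apr-util.  [s, end) is the hostinfo
 * span produced by an earlier tokenizer step, e.g. "[2001:db8::1]:8080".
 * Copies the address between the brackets into out, NUL-terminated.
 * Returns 0 on success, -1 if the input is rejected. */
int copy_ipv6_literal(const char *s, const char *end, char *out, size_t outsz)
{
    const char *close;
    ptrdiff_t span, len, i;

    if (s == NULL || end == NULL || out == NULL || outsz == 0)
        return -1;

    /* Pointer differences are signed.  Check them while still signed:
     * once cast to size_t, a negative value is an enormous copy length. */
    span = end - s;
    if (span < 3 || s[0] != '[')   /* need '[', one or more chars, ']' */
        return -1;

    close = memchr(s + 1, ']', (size_t)(span - 1));
    if (close == NULL)
        return -1;                 /* unterminated literal */

    len = close - (s + 1);
    if (len <= 0 || (size_t)len >= outsz)
        return -1;                 /* empty, or no room for the NUL */

    /* Only hex digits, ':' and '.' may appear inside the brackets. */
    for (i = 0; i < len; i++) {
        char c = s[1 + i];
        if (c == '\0' || strchr("0123456789abcdefABCDEF:.", c) == NULL)
            return -1;
    }

    /* Only end-of-span or a ":port" suffix may follow the bracket. */
    if (close + 1 != end && close[1] != ':')
        return -1;

    memcpy(out, s + 1, (size_t)len);
    out[len] = '\0';
    return 0;
}
```
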

Impact:   A remote user may be able to cause denial of service conditions.
Solution:   The vendor has issued a fixed version (2.0.51), available at:

http://httpd.apache.org/download.cgi?update=200409150645

Vendor URL:  httpd.apache.org/
Cause:   Input validation error
Underlying OS:   Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Sep 16 2004 (Red Hat Issues Fix for RHEL) Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service   (bugzilla@redhat.com)
Red Hat has released a fix for Red Hat Enterprise Linux 3.
Sep 17 2004 (Fedora Issues Fix for apr-util for FC2) Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service   (Joe Orton <jorton@redhat.com>)
Fedora has released a fix for Fedora Core 2.
Sep 17 2004 (Fedora Issues Fix for FC1) Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service   (Joe Orton <jorton@redhat.com>)
Fedora has released a fix for Fedora Core 1.
Oct 15 2004 (Fedora Issues Fix) Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service   (Marc Deslauriers <marcdeslauriers@videotron.ca>)
Fedora has released a fix for Red Hat Linux 9 and Fedora Core 1.
Oct 22 2004 (IBM Issues Fix for IBM HTTP Server) Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
IBM has issued an interim fix for IBM HTTP Server, which is affected by this vulnerability.
Oct 27 2004 (HP Issues Fix for HP-UX) Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
HP has issued a fixed version for HP-UX.
Oct 29 2004 (HP Issues Fix for CSWS) Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
HP has issued an interim fix for the (Compaq) Secure Web Server.
Dec 2 2004 (Apple Issues Fix for OS X) Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
Apple has issued a fix for Apache on Mac OS X.



 Source Message Contents

Date:  Wed, 15 Sep 2004 20:50:27 +0200
Subject:  [ANNOUNCE] Apache HTTP Server 2.0.51 Released


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The Apache Software Foundation and The Apache HTTP Server Project
are pleased to announce the release of version 2.0.51 of the Apache
HTTP Server ("Apache").  This Announcement notes the significant
changes in 2.0.51 as compared to 2.0.50.

This version of Apache is principally a bug fix release.  Of
particular note is that 2.0.51 addresses five security
vulnerabilities:

  An input validation issue in IPv6 literal address parsing which
  can result in a negative length parameter being passed to memcpy.
  [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0786]

  A buffer overflow in configuration file parsing could allow a
  local user to gain the privileges of a httpd child if the server
  can be forced to parse a carefully crafted .htaccess file.
  [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0747]

  A segfault in mod_ssl which can be triggered by a malicious
  remote server, if proxying to SSL servers has been configured.
  [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751]

  A potential infinite loop in mod_ssl which could be triggered
  given particular timing of a connection abort.
  [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0748]

  A segfault in mod_dav_fs which can be remotely triggered by an
  indirect lock refresh request.
  [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0809]

The Apache HTTP Server Project would like to thank Codenomicon for
supplying copies of their "HTTP Test Tool" used to discover
CAN-2004-0786, and to SITIC for reporting the discovery of
CAN-2004-0747.

This release is compatible with modules compiled for 2.0.42 and
later versions.  We consider this release to be the best version of
Apache available and encourage users of all prior versions to
upgrade.

Apache HTTP Server 2.0.51 is available for download from

  http://httpd.apache.org/download.cgi?update=200409150645

Please see the CHANGES_2.0 file, linked from the above page, for
a full list of changes.

Apache 2.0 offers numerous enhancements, improvements, and performance
boosts over the 1.3 codebase.  For an overview of new features introduced
after 1.3 please see

  http://httpd.apache.org/docs-2.0/new_features_2_0.html

When upgrading or installing this version of Apache, please keep
in mind the following:
If you intend to use Apache with one of the threaded MPMs, you must
ensure that the modules (and the libraries they depend on) that you
will be using are thread-safe.  Please contact the vendors of these
modules to obtain this information.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFBSIdJZjW2wN6IXdMRAqbGAJsFz8XbVkQvpmreh8sHE3DeACXUKwCeJkpF
gxDK5D1j00qUCzksg872i1c=
=ghiQ
-----END PGP SIGNATURE-----
