SecurityTracker.com
SecurityTracker
Archives
Category:   Application (Web Server/CGI)  >   Apache HTTPD
Vendors:   Apache Software Foundation
(Caldera Issues Fix for Linux) Re: Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
SecurityTracker Alert ID:  1004620
SecurityTracker URL:  http://securitytracker.com/id/1004620
CVE Reference:   CVE-2002-0392
Date:  Jun 25 2002
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 1.3.24 and prior
Description:   ISS X-Force has reported a vulnerability in the Apache web server. A remote user may be able to cause arbitrary code to be executed on the server.

ISS reports that Apache contains a flaw in the code that calculates the size of HTTP "chunked" encoding data. A remote user can send specially crafted data to the server to trigger a signal race condition or heap overflow. If a heap overflow occurs, the remote user could execute arbitrary code on the system with the privileges of the web server.

ISS X-Force indicates that a remote user can indeed execute arbitrary code on the Windows-based (win32) version of Apache 1.3.24. The report notes that Apache 1.x versions for Unix/Linux contain the same source code flaw, but that ISS X-Force believes successful execution of arbitrary code on most Unix platforms is unlikely [Editor's note: no specific reason was provided.].
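The class of defect described above (a client-supplied chunk size that is parsed and then trusted as a length) is illustrated below with added example code that is not Apache's; it shows a permissive chunk-size parser beside a strict one. MAX_CHUNK_SIZE and the function names are assumptions chosen for the example, and the actual Apache defect is not reproduced.

```c
/* Added example, not Apache's code: strict parsing of the chunk-size line
 * of HTTP/1.1 chunked transfer coding ("<hex-size>[;extension]" + CRLF).
 * The client-supplied size is untrusted: it must be parsed as an unsigned
 * value, bounded before it drives any allocation or copy, and rejected
 * on anything malformed. MAX_CHUNK_SIZE is a policy value assumed here. */
#include <stddef.h>
#include <stdlib.h>

#define MAX_CHUNK_SIZE ((size_t)1 << 20)   /* assumed per-chunk limit */

/* Permissive form: strtol() tolerates leading whitespace and a sign and
 * yields a signed long. "-8" parses "successfully"; if that value is later
 * converted to size_t as a copy length it becomes enormous. */
long naive_chunk_size(const char *line)
{
    return strtol(line, NULL, 16);
}

/* Strict form: 0 on success with the size in *out, -1 on any reject
 * (no digits, non-hex character, sign, whitespace, or size over the cap). */
int safe_chunk_size(const char *line, size_t *out)
{
    size_t value = 0;
    const char *p = line;
    if (*p == '\0' || *p == ';' || *p == '\r' || *p == '\n')
        return -1;                       /* empty size field */

    for (; *p != '\0' && *p != ';' && *p != '\r' && *p != '\n'; p++) {
        int digit;
        if (*p >= '0' && *p <= '9')      digit = *p - '0';
        else if (*p >= 'a' && *p <= 'f') digit = *p - 'a' + 10;
        else if (*p >= 'A' && *p <= 'F') digit = *p - 'A' + 10;
        else return -1;                  /* sign, space or other junk */
        if (value > (MAX_CHUNK_SIZE >> 4))
            return -1;                   /* one more digit would exceed the cap */
        value = (value << 4) | (size_t)digit;
    }
    if (value > MAX_CHUNK_SIZE)
        return -1;
    *out = value;
    return 0;
}

/* Wrapper for demos and tests: parsed size, or (size_t)-1 when rejected. */
size_t chunk_size_or_reject(const char *line)
{
    size_t n = 0;
    return safe_chunk_size(line, &n) == 0 ? n : (size_t)-1;
}
```

The strict parser also treats the chunk extension (everything after `;`) as opaque, so only the hex size field can influence the length.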

Impact:   A remote user may be able to cause the web server to become unstable or cause arbitrary code to be executed on the system with the privileges of the Apache daemon.
Solution:   Caldera has issued a fix for Linux.

For OpenLinux 3.1.1 Server:

Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

Packages

f2f7e9ce5ea54e69d7275393c22630fe apache-1.3.22-6.i386.rpm
c17b06f0057f1728a46eae1e98e68162 apache-devel-1.3.22-6.i386.rpm
6d9e8504f28986f4a1d7a4e0e3213566 apache-doc-1.3.22-6.i386.rpm

Installation

rpm -Fvh apache-1.3.22-6.i386.rpm
rpm -Fvh apache-devel-1.3.22-6.i386.rpm
rpm -Fvh apache-doc-1.3.22-6.i386.rpm

Source Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

Source Packages

be49e9dd27ee59ca92047c14bd3dc170 apache-1.3.22-6.src.rpm


For OpenLinux 3.1.1 Workstation:

Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS

Packages

f97e188e91238ca9da0a5166a69304c4 apache-1.3.22-6.i386.rpm
eb4d50309740a5c5a922e48357e76f93 apache-devel-1.3.22-6.i386.rpm
a9855218c3b3e43c02315f19e76edc0b apache-doc-1.3.22-6.i386.rpm

Installation

rpm -Fvh apache-1.3.22-6.i386.rpm
rpm -Fvh apache-devel-1.3.22-6.i386.rpm
rpm -Fvh apache-doc-1.3.22-6.i386.rpm

Source Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS

Source Packages

de01c304396d9f99e39ac07739d51a98 apache-1.3.22-6.src.rpm


For OpenLinux 3.1 Server:

Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

Packages

1f3fc745848367bca81d567ddfe3da30 apache-1.3.22-6.i386.rpm
fecf254f55ef9424c14897bf809a34c8 apache-devel-1.3.22-6.i386.rpm
de2a877889489b07fc2e873cd2fb74bb apache-doc-1.3.22-6.i386.rpm

Installation

rpm -Fvh apache-1.3.22-6.i386.rpm
rpm -Fvh apache-devel-1.3.22-6.i386.rpm
rpm -Fvh apache-doc-1.3.22-6.i386.rpm

Source Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

Source Packages

a8a9d123784e4f6995b3ec696924b5d8 apache-1.3.22-6.src.rpm


For OpenLinux 3.1 Workstation:

Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS

Packages

f98ee1d900a26571613367e00a5916b8 apache-1.3.22-6.i386.rpm
12e7d9ff5fe04e6d4884a02db248bc8b apache-devel-1.3.22-6.i386.rpm
9096714909c70c99273e78b10ace3ce4 apache-doc-1.3.22-6.i386.rpm

Installation

rpm -Fvh apache-1.3.22-6.i386.rpm
rpm -Fvh apache-devel-1.3.22-6.i386.rpm
rpm -Fvh apache-doc-1.3.22-6.i386.rpm

Source Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS

Source Packages

977a132032c7f6df823bda2ae8397fca apache-1.3.22-6.src.rpm

Vendor URL:  httpd.apache.org/
Cause:   Boundary error
Underlying OS:  Linux (Caldera/SCO)
Underlying OS Comments:  OpenLinux 3.1, 3.1.1; Workstation and Server

Message History:   This archive entry is a follow-up to the message listed below.
Jun 17 2002 Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server



Source Message Contents

Subject:  Security Update: [CSSA-2002-029.0] Linux: Apache Web Server Chunk Handling Vulnerability

To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com

______________________________________________________________________________

		Caldera International, Inc.  Security Advisory

Subject:		Linux: Apache Web Server Chunk Handling Vulnerability
Advisory number: 	CSSA-2002-029.0
Issue date: 		2002 June 20
Cross reference:
______________________________________________________________________________


1. Problem Description

	There is a remotely exploitable vulnerability in the handling
	of large chunks of data in web servers that are based on Apache
	source code.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------

	OpenLinux 3.1.1 Server		prior to apache-1.3.22-6.i386.rpm
					prior to apache-devel-1.3.22-6.i386.rpm
					prior to apache-doc-1.3.22-6.i386.rpm

	OpenLinux 3.1.1 Workstation	prior to apache-1.3.22-6.i386.rpm
					prior to apache-devel-1.3.22-6.i386.rpm
					prior to apache-doc-1.3.22-6.i386.rpm

	OpenLinux 3.1 Server		prior to apache-1.3.22-6.i386.rpm
					prior to apache-devel-1.3.22-6.i386.rpm
					prior to apache-doc-1.3.22-6.i386.rpm

	OpenLinux 3.1 Workstation	prior to apache-1.3.22-6.i386.rpm
					prior to apache-devel-1.3.22-6.i386.rpm
					prior to apache-doc-1.3.22-6.i386.rpm


3. Solution

	The proper solution is to install the latest packages.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

	4.2 Packages

	f2f7e9ce5ea54e69d7275393c22630fe	apache-1.3.22-6.i386.rpm
	c17b06f0057f1728a46eae1e98e68162	apache-devel-1.3.22-6.i386.rpm
	6d9e8504f28986f4a1d7a4e0e3213566	apache-doc-1.3.22-6.i386.rpm

	4.3 Installation

	rpm -Fvh apache-1.3.22-6.i386.rpm
	rpm -Fvh apache-devel-1.3.22-6.i386.rpm
	rpm -Fvh apache-doc-1.3.22-6.i386.rpm

	4.4 Source Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

	4.5 Source Packages

	be49e9dd27ee59ca92047c14bd3dc170	apache-1.3.22-6.src.rpm


5. OpenLinux 3.1.1 Workstation

	5.1 Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS

	5.2 Packages

	f97e188e91238ca9da0a5166a69304c4	apache-1.3.22-6.i386.rpm
	eb4d50309740a5c5a922e48357e76f93	apache-devel-1.3.22-6.i386.rpm
	a9855218c3b3e43c02315f19e76edc0b	apache-doc-1.3.22-6.i386.rpm

	5.3 Installation

	rpm -Fvh apache-1.3.22-6.i386.rpm
	rpm -Fvh apache-devel-1.3.22-6.i386.rpm
	rpm -Fvh apache-doc-1.3.22-6.i386.rpm

	5.4 Source Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS

	5.5 Source Packages

	de01c304396d9f99e39ac07739d51a98	apache-1.3.22-6.src.rpm


6. OpenLinux 3.1 Server

	6.1 Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

	6.2 Packages

	1f3fc745848367bca81d567ddfe3da30	apache-1.3.22-6.i386.rpm
	fecf254f55ef9424c14897bf809a34c8	apache-devel-1.3.22-6.i386.rpm
	de2a877889489b07fc2e873cd2fb74bb	apache-doc-1.3.22-6.i386.rpm

	6.3 Installation

	rpm -Fvh apache-1.3.22-6.i386.rpm
	rpm -Fvh apache-devel-1.3.22-6.i386.rpm
	rpm -Fvh apache-doc-1.3.22-6.i386.rpm

	6.4 Source Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

	6.5 Source Packages

	a8a9d123784e4f6995b3ec696924b5d8	apache-1.3.22-6.src.rpm


7. OpenLinux 3.1 Workstation

	7.1 Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS

	7.2 Packages

	f98ee1d900a26571613367e00a5916b8	apache-1.3.22-6.i386.rpm
	12e7d9ff5fe04e6d4884a02db248bc8b	apache-devel-1.3.22-6.i386.rpm
	9096714909c70c99273e78b10ace3ce4	apache-doc-1.3.22-6.i386.rpm

	7.3 Installation

	rpm -Fvh apache-1.3.22-6.i386.rpm
	rpm -Fvh apache-devel-1.3.22-6.i386.rpm
	rpm -Fvh apache-doc-1.3.22-6.i386.rpm

	7.4 Source Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS

	7.5 Source Packages

	977a132032c7f6df823bda2ae8397fca	apache-1.3.22-6.src.rpm


8. References

	Specific references for this advisory:
		http://www.cert.org/advisories/CA-2002-17.html
		http://httpd.apache.org/info/security_bulletin_20020617.txt

	Caldera security resources:
		http://www.caldera.com/support/security/index.html

	This security fix closes Caldera incidents sr865896, fz521277,
	erg712080.


9. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on this website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera products.


10. Acknowledgements

	Neel Mehta of the ISS X-Force discovered this vulnerability.
	Mark Litchfield reported this vulnerability to the Apache Software
	Foundation, and Mark Cox reported it to the CERT/CC.

______________________________________________________________________________