SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Server/CGI)  >   Compaq Secure Web Server Vendors:   Compaq, HPE
(Compaq/HP Issues Fix for Tru64 and OpenVMS) Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
SecurityTracker Alert ID:  1004670
SecurityTracker URL:  http://securitytracker.com/id/1004670
CVE Reference:   CVE-2002-0392   (Links to External Site)
Date:  Jul 1 2002
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Various versions
Description:   ISS X-Force has reported a vulnerability in the Apache web server. A remote user may be able to cause arbitrary code to be executed on the server.

ISS reports that Apache contains a flaw in the code that calculates the size of HTTP "chunked" encoding data. A remote user can send specially crafted data to the server to trigger a signal race condition or heap overflow. If a heap overflow occurs, the remote user could execute arbitrary code on the system with the privileges of the web server.

ISS X-Force indicates that a remote user can indeed execute arbitrary code on the Windows-based (win32) version of Apache 1.3.24. The report notes that Apache versions 1.x for Unix/Linux contains the same source code flaw but that ISS X-Force believes that successful execution of arbitrary code on most Unix platforms is unlikely [Editor's note: no specific reason was provided.].

Impact:   A remote user may be able to cause the web server to become unstable or cause arbitrary code to be executed on the system with the privileges of the Apache daemon.
Solution:   The vendor has released a fix and has provided the following instructions.

For HP Tru64 UNIX for V5.0a or later:

A Compaq Secure Web Server security update kit is available for download at:

http://tru64unix.compaq.com/internet/download.htm#sws_v591

Select and install the CSWS (Compaq Secure Web Server) kit V5.9.1


Installed Version, Install Updated Server Kit

CSWS V5.8.2 and earlier, CSWS V5.9.1


For HP Tru64 UNIX INTERNET EXPRESS V5.9:

- SECURE WEB SERVER: Internet Express for HP Tru64 also contains the Secure Web Server. All versions of Internet Express up to and including version 5.9 are affected if the IAEAPCH* subset is installed. Internet Express V5.9 is currently in manufacturing and is scheduled to begin shipping. For all versions of Internet Express, obtain the Secure Web Server for HP Tru64 from the download site and only install the IAEAPCH591 subset (the Secure Web Server subset).

Note: When installing Internet Express version 5.9, the IAEAPCH591 subset will need to be uninstalled, and then reinstalled after the installation of the desired Internet Express subsets (this is mandated by version checking in many of the web related subsets).

- Apache 2.0 Early Adopters Kit (2.0.39 beta): All versions are affected prior to version 5.0 (Apache 2.0.39). The latest version of the EAK may be downloaded from:

http://www.tru64unix.compaq.com/internet/download.htm

For CSWS for OpenVMS V7.1-2 or later:

A Compaq Secure Web Server security update kit is available for download at:

www.openvms.compaq.com/openvms/products/ips/apache/csws_patches.html


Installed Version, Update Kit

CSWS V1.2, CSWS12_UPDATE V3.0
CSWS V1.1-1, CSWS111_UPDATE V2.0
CSWS V1.0-1, CSWS101_UPDATE V2.0

After completing the update, Compaq strongly recommends that you perform an immediate backup of your system disk so that any subsequent restore operations begin with updated software. Otherwise, you must reapply the patch after a future restore operation.

Also, if at some future time you upgrade your system to a later patch version, you may need to reapply the appropriate patch.

Vendor URL:  httpd.apache.org/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  OpenVMS, UNIX (Tru64)
Underlying OS Comments:  Tru64 UNIX CSWS V5.8.1 and earlier, Internet Express V5.9 CSWS & Internet Express EAK V2.0, CSWS for HP OpenVMS (1.0-1, 1.1-1, 1.2).

Message History:   This archive entry is a follow-up to the message listed below.
Jun 17 2002 Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server



 Source Message Contents

Subject:  [bulletin] SSRT2253- Secure Web Server for HP Tru64 UNIX & HP OpenVMS Potential Apache Web Server Chunk Handling Vulnerability


 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SECURITY BULLETIN  SSRT2253  REVISION: 1

SSRT2253- Secure Web Server for HP Tru64 UNIX & HP OpenVMS Potential
          Apache Web Server Chunk Handling Vulnerability


NOTICE: There are no restrictions for distribution of this Bulletin
        provided that it remains complete and intact.

RELEASE DATE: 30 June 2002

SEVERITY: 1

SOURCE: Compaq Computer Corporation, a wholly-owned subsidiary of
        Hewlett-Packard Company and
        Hewlett-Packard Company HP Services
        Software Security Response Team

REFERENCE: CAN-2002-0392, CERT CA-2002-17

PROBLEM SUMMARY:

Compaq was recently notified of a potential vulnerability that impact
Compaq's Secure Web Server (CSWS) for HP Tru64 UNIX and HP OpenVMS
where under certain circumstances, system integrity may be
compromised.

    SSRT2253 Apache chunk handling vulnerability (severity HIGH)

    Impact: local and remote

    Code for handling invalid requests which use chunked encoding
    may allow arbitrary code execution and or create a denial of
    service.

     o Buffer overflow attacks are commonly used to attempt to
       subvert the function of a privileged program and possibly
       execute commands at the elevated privileges if the program
       file has the setuid privilege.

     o DoS attacks make computer systems inaccessible by flooding a
       service, server or network with useless traffic.



VERSIONS IMPACTED:

 o HP Tru64 UNIX CSWS V5.8.1 and earlier

 o Internet Express V5.9 CSWS & Internet Express EAK V2.0

 o CSWS for HP OpenVMS
      HP OpenVMS CSWS 1.0-1
      HP OpenVMS CSWS 1.1-1
      HP OpenVMS CSWS 1.2


  *NOTE: This reported potential vulnerability does not have an
   impact to the base operating system in the form of elevated
   permissions or privileges.

 o HP9000 Servers running HP-UX release 11.00, or 11.11
   Please refer to the HP Security Bulletin HPSBUX0207-197,
   available on http://itrc.hp.com in the Support Digests,
   under Archives.



NO IMPACT:

 o HP NonStop Servers
 o HP Insight Management Software Web Products




RESOLUTION:

 o HP Tru64 UNIX for V5.0a or later:

   A Compaq Secure Web Server security update kit is available for
   download at:
   http://tru64unix.compaq.com/internet/download.htm#sws_v591
   select and install the CSWS (Compaq Secure Web Server) kit V5.9.1


     Installed Version                   Install Updated Server Kit

     CSWS V5.8.2 and earlier             CSWS V5.9.1


 o HP Tru64 UNIX INTERNET EXPRESS V5.9

   - SECURE WEB SERVER: Internet Express for HP Tru64 also contains
   the Secure Web Server. All versions of Internet Express up to and
   including version 5.9 are affected if the IAEAPCH* subset is
   installed. Internet Express V5.9 is currently in manufacturing
   and is scheduled to begin shipping. For all versions of
   Internet Express, obtain the Secure Web Server for HP Tru64 from
   the download site and only install the IAEAPCH591 subset
   (the Secure Web Server subset).

   Note: When installing Internet Express version 5.9, the IAEAPCH591
   subset will need to be uninstalled, and then reinstalled after the
   installation of the desired Internet Express subsets (this is
   mandated by version checking in many of the web related subsets).

   - Apache 2.0 Early Adopters Kit (2.0.39 beta): All versions are
   affected prior to version 5.0 (Apache 2.0.39). The latest version
   of the EAK may be downloaded from:
   http://www.tru64unix.compaq.com/internet/download.htm

 o CSWS for OpenVMS V7.1-2 or later:

   A Compaq Secure Web Server security update kit is available for
   download at:
www.openvms.compaq.com/openvms/products/ips/apache/csws_patches.html


   Installed Version                  Update Kit

   CSWS V1.2                          CSWS12_UPDATE V3.0
   CSWS V1.1-1                        CSWS111_UPDATE V2.0
   CSWS V1.0-1                        CSWS101_UPDATE V2.0

 After completing the update, Compaq strongly recommends that you
 perform an immediate backup of your system disk so that any
 subsequent restore operations begin with updated software.
 Otherwise, you must reapply the patch after a future restore
 operation.

 Also, if at some future time you upgrade your system to a later
 patch version, you may need to reapply the appropriate patch.



SUPPORT: For further information, contact HP Services.




SUBSCRIBE:

 To subscribe to automatically receive future Security Advisories
 from the Software Security Response Team via electronic mail:
 http://www.support.compaq.com/patches/mailing-list.shtml



REPORT:

 To report a potential security vulnerability with any Compaq
 supported product, send email to: mailto:security-ssrt@compaq.com
 or mailto:security-alert@hp.com

 HP and Compaq appreciate your cooperation and patience. As always,
 HP and Compaq urge you to periodically review your system management
 and security procedures. HP and Compaq will continue to review and
 enhance the security features of its products and work with our
 customers to maintain and improve the security and integrity of
 their systems.

 "HP and Compaq are broadly distributing this Security Bulletin in
 order to bring to the attention of users of the affected Compaq
 products the important security information contained in this
 Bulletin. HP and Compaq recommend that all users determine the
 applicability of this information to their individual situations
 and take appropriate action. Neither HP nor Compaq warrant that
 this information is necessarily accurate or complete
 for all user situations and, consequently, neither HP nor Compaq
 will be responsible for any damages resulting from user's use
 or disregard of the information provided in this Bulletin."

 Copyright 2002 Compaq Information Technologies Group, L.P.
 Compaq shall not be liable for technical or editorial errors or
 omissions contained herein. The information in this document is
 subject to change without notice. Compaq and the names of Compaq
 products referenced herein are trademarks of Compaq Information
 Technologies Group, L.P. in the United States and other countries.
 Other product and company names mentioned herein may be trademarks
 of their respective owners.

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.1

iQA/AwUBPSBbbTnTu2ckvbFuEQLr3ACg0LDpJEePOidGMeIYv7yo3R8zQlUAoIAm
jC5Ob/bC/CkKpqfX3eUAvDMT
=NsqV
-----END PGP SIGNATURE-----


---
You are currently subscribed to security as: ***********************
To unsubscribe send a blank email to *********************@list.support.compaq.com


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC