Gentoo Archives: gentoo-announce

From: Sune Kloppenborg Jeppesen <jaervosz@g.o>
To: gentoo-announce@l.g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200602-03 ] Apache: Multiple vulnerabilities
Date: Mon, 06 Feb 2006 18:33:03
Message-Id: 200602061910.23984.jaervosz@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200602-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Apache: Multiple vulnerabilities
      Date: February 06, 2006
      Bugs: #115324, #118875
        ID: 200602-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Apache can be exploited for cross-site scripting attacks and is
vulnerable to a Denial of Service attack.

Background
==========

The Apache HTTP server is one of the most popular web servers on the
Internet. mod_imap provides support for server-side image maps; mod_ssl
provides secure HTTP connections.

Affected packages
=================

    -------------------------------------------------------------------
     Package         /   Vulnerable   /                      Unaffected
    -------------------------------------------------------------------
  1  net-www/apache      < 2.0.55-r1                       >= 2.0.55-r1
                                                         *>= 2.0.54-r16
                                                           == 1.3.34-r2
                                                         *>= 1.3.34-r11
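
The ranges in the table above can be checked mechanically against an installed version. The following Python is an added example, not part of the advisory or of Portage. It assumes that "*>=" denotes a revision-only range (same upstream version, revision at least the one listed) and it only handles plain X.Y.Z[-rN] version strings.

```python
import re

# Ranges transcribed from the "Affected packages" table for net-www/apache.
# Assumption: "*>=" is a revision-only range (same upstream version, -rN at
# least the listed one); ">=", "==" and "<" compare the full version.
UNAFFECTED = [(">=", "2.0.55-r1"), ("*>=", "2.0.54-r16"),
              ("==", "1.3.34-r2"), ("*>=", "1.3.34-r11")]
VULNERABLE = [("<", "2.0.55-r1")]

_VERSION = re.compile(r"^(\d+(?:\.\d+)*)(?:-r(\d+))?$")

def parse(version):
    """Split 'X.Y.Z-rN' into ((X, Y, Z), N); a missing revision counts as r0."""
    m = _VERSION.match(version)
    if not m:
        # Suffixes such as _rc1 or _p2 are outside this simplified parser.
        raise ValueError(f"unsupported version string: {version!r}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2) or 0)

def matches(op, installed, bound):
    """Evaluate one table entry against the installed version."""
    (iv, ir), (bv, br) = parse(installed), parse(bound)
    if op == "*>=":
        return iv == bv and ir >= br
    if op == ">=":
        return (iv, ir) >= (bv, br)
    if op == "<":
        return (iv, ir) < (bv, br)
    if op == "==":
        return (iv, ir) == (bv, br)
    raise ValueError(f"unknown range operator: {op!r}")

def is_affected(installed):
    """True if the version is in a vulnerable range and in no unaffected one."""
    if any(matches(op, installed, b) for op, b in UNAFFECTED):
        return False
    return any(matches(op, installed, b) for op, b in VULNERABLE)

if __name__ == "__main__":
    # Constructed sample versions, not taken from a real host.
    for v in ["2.0.55", "2.0.55-r1", "2.0.54-r16", "2.0.54-r15",
              "1.3.34-r2", "1.3.34-r5", "1.3.34-r11", "2.2.0"]:
        print(f"net-www/apache-{v}: {'AFFECTED' if is_affected(v) else 'ok'}")
```

The unaffected entries are evaluated first because the 1.3.x and 2.0.54 revisions they name also fall below 2.0.55-r1 and would otherwise be reported as vulnerable.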

Description
===========

Apache's mod_imap fails to properly sanitize the "Referer" directive of
imagemaps in some cases, leaving the HTTP Referer header unescaped. A
flaw in mod_ssl can lead to a NULL pointer dereference if the site uses
a custom "Error 400" document. These vulnerabilities were reported by
Marc Cox and Hartmut Keil, respectively.

Impact
======

A remote attacker could exploit mod_imap to inject arbitrary HTML or
JavaScript into a user's browser to gather sensitive information.
Attackers could also cause a Denial of Service on hosts using the SSL
module (Apache 2.0.x only).

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Apache users should upgrade to the latest version, depending on
whether they still use the old configuration style
(/etc/apache/conf/*.conf) or the new one (/etc/apache2/httpd.conf).

2.0.x users, new style config:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-www/apache-2.0.55-r1"

2.0.x users, old style config:

    # emerge --sync
    # emerge --ask --oneshot --verbose "=net-www/apache-2.0.54-r16"

1.x users, new style config:

    # emerge --sync
    # emerge --ask --oneshot --verbose "=net-www/apache-1.3.34-r11"

1.x users, old style config:

    # emerge --sync
    # emerge --ask --oneshot --verbose "=net-www/apache-1.3.34-r2"

References
==========

  [ 1 ] CVE-2005-3352
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352
  [ 2 ] CVE-2005-3357
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200602-03.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0