Message-ID: <20030910151752.A27280@caldera.com>
Date: Wed, 10 Sep 2003 15:17:52 -0700
From: security@....com
To: full-disclosure@...ts.netsys.com, bugtraq@...urityfocus.com,
   announce@...ts.caldera.com
Subject: [UPDATED] OpenServer 5.0.5 OpenServer 5.0.6 : Various security fixes for Apache.




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

			SCO Security Advisory

Subject:		OpenServer 5.0.5 OpenServer 5.0.6 : Various security fixes for Apache.
Advisory number: 	CSSA-2003-SCO.10.1
Issue date: 		2003 September 10
Cross reference: 	erg712141 fz526299 sr870246 
			erg711975 fz521278 sr865893 
			erg711980 fz520245 sr861015 
			erg711980 fz520260 sr861044
______________________________________________________________________________


1. Problem Description

	This package fixes the following security issues:

	CAN-2002-0839 - The shared memory scoreboard in the HTTP daemon
	Apache 1.3.x before 1.3.27 allows any user running as the
	Apache UID to send a SIGUSR1 signal to any process as root,
	resulting in a denial of service (process kill) or possibly
	other behaviors that would not normally be allowed, by
	modifying the parent[].pid and parent[].last_rtime segments
	in the scoreboard.

	CAN-2002-0840 - Cross-site scripting (XSS) vulnerability in
	the default error page of Apache 2.0 before 2.0.43, and 1.3.x
	up to 1.3.26, when UseCanonicalName is "Off" and support for
	wildcard DNS is present, allows remote attackers to execute
	script as other web page visitors via the Host: header.

	CAN-2002-0843 - Buffer overflows in the ApacheBench support
	program (ab.c) in Apache before 1.3.27, and Apache 2.x before
	2.0.43, allow a malicious web server to cause a denial of
	service and possibly execute arbitrary code via a long
	response.

	mod_ssl (www.modssl.org) is a commonly used Apache module that
	provides strong cryptography for the Apache web server.
	The module utilizes OpenSSL (formerly SSLeay) for the SSL
	implementation. modssl versions prior to 2.8.7-1.3.23 (Feb
	23, 2002) make use of the underlying OpenSSL routines in
	a manner which could overflow a buffer within the
	implementation.

	Vulnerabilities in the php_mime_split function may allow an
	intruder to execute arbitrary code with the privileges of the
	web server.


2. Vulnerable Supported Versions

	System				Binaries
	----------------------------------------------------------------------
	OpenServer 5.0.5	 	Apache distribution	
	OpenServer 5.0.6 		Apache distribution	


3. Solution

	The proper solution is to install the latest packages.


4. OpenServer 5.0.5, OpenServer 5.0.6

	4.1 First install: 

		oss646a - Execution Environment Supplement
		oss631b - gwxlibs supplement
		oss632b - perl supplement
	
	4.2 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.10


	4.3 Verification

	MD5 (VOL.000.000) = 1fc6f6ad14819316e8c1944b591da03c
	MD5 (VOL.000.001) = 5e4a1668b9e195c915d27b60d8b9930a
	MD5 (VOL.000.002) = a996524cf6cba2e4fd8718d837cb385f
	MD5 (VOL.000.003) = 6f277e38877b7c48398ff0d4c213f2db
	MD5 (VOL.000.004) = df6f1a897ffa5c153845c85a237b1625
	MD5 (VOL.000.005) = aa44f7ea160184e06de7032cc65d6299
	MD5 (VOL.000.006) = 34a110733467c4820d5e9f427d147e2d
	MD5 (VOL.000.007) = 8bcd062ea9f8b36017c71144caf89810
	MD5 (VOL.000.008) = 6667358ef32b137dc3d6a68215c36c38

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	4.4 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:


	1) Download the VOL* files to the /tmp directory

	2) Run the custom command, specify an install from media
	images, and specify the /tmp directory as the location of
	the images.
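
The check in 4.3, scripted so it can be run on the downloaded volumes before step 2 (an added example, not part of the SCO advisory): it reads `MD5 (NAME) = HEX` lines saved from the advisory and compares each with the file in the download directory. The function names and the use of md5sum or openssl on the checking host are assumptions.

```shell
#!/bin/sh
# Added example: check files against "MD5 (NAME) = HEX" lines as printed in 4.3.
# Assumes md5sum (or openssl) on the checking host; function names are illustrative.

md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'
    else
        openssl md5 "$1" | awk '{print $NF}'
    fi
}

# verify_md5_manifest MANIFEST DIR
# Prints one status line per entry; returns 0 only if at least one entry
# was found and every entry matched.
verify_md5_manifest() {
    manifest=$1 dir=$2 bad=0 seen=0
    while IFS= read -r line || [ -n "$line" ]; do
        # Extract NAME and HEX from "MD5 (NAME) = HEX"; ignore every other line
        entry=$(printf '%s\n' "$line" |
            sed -n 's/^[[:space:]]*MD5 (\([^)]*\)) = \([0-9A-Fa-f]\{32\}\)[[:space:]]*$/\1 \2/p')
        [ -n "$entry" ] || continue
        name=${entry% *}
        want=$(printf '%s' "${entry##* }" | tr 'A-F' 'a-f')
        seen=$((seen + 1))
        case $name in   # a manifest entry must never point outside DIR
            */*|.|..|'') echo "REJECTED $name"; bad=$((bad + 1)); continue ;;
        esac
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"; bad=$((bad + 1)); continue
        fi
        got=$(md5_of "$dir/$name" | tr 'A-F' 'a-f')
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"; bad=$((bad + 1))
        fi
    done < "$manifest"
    [ "$seen" -gt 0 ] && [ "$bad" -eq 0 ]
}
```

The digests are only as trustworthy as the text they were copied from, so check the advisory's PGP signature before saving the list.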

5. References

	Specific references for this advisory:
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0839 
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0840 
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0843 
		http://httpd.apache.org/info/security_bulletin_20020617.txt 
		http://www.kb.cert.org/vuls/id/297363 
		http://marc.theaimsgroup.com/?l=apache-modssl&m=104800029216491&w=2 

	SCO security resources:
		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents erg712141, fz526299,
	sr870246, erg711975, fz521278, sr865893, erg711980, fz520245,
	sr861015, erg711980, fz520260, sr861044.


6. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers
	intended to promote secure installation and use of SCO
	products.


7. Acknowledgements

	CAN-2002-0839: zen-parse (zen-parsegmx.net) disclosed this
	issue to iDEFENSE.
	CAN-2002-0840: This issue was reported to the ASF by Matthew
	Murphy.
	CAN-2002-0843: This issue was reported to the ASF by David
	Wagner.
	php_mime_split: This issue was reported by Stefan Esser.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

iD8DBQE/X5QGaqoBO7ipriERAsd7AJ4mEqUfMcRq8CykfAD6gGtkhS04OQCgip5H
RfPGA+rWCYVFYY4bJPB5LTg=
=QsV+
-----END PGP SIGNATURE-----
