Date: Mon, 13 Apr 2015 05:37:51 GMT
From: lem.nikolas@...il.com
To: bugtraq@...urityfocus.com
Subject: Apache HTTPD 2.4.12, 2.2.29 Security Audit - Advanced Information
 Security Corp

-=[Advanced Information Security Corp]=-

Author: Nicholas Lemonias
Advisory Date: 13/4/2015
Email: lem.nikolas (at) gmail (dot) com

Introduction
==========
During a source-code audit of the Apache HTTPD 2.2.29 release
implementation for Linux, conducted internally by the Advanced
Information Security Group, instances of insecure function use were
observed, which could possibly lead to some attacks.

Software Overview
===============


The Apache HTTP Server Project is an effort to develop and maintain an
open-source HTTP server for modern operating systems including UNIX
and Windows NT. The goal of this project is to provide a secure,
efficient and extensible server that provides HTTP services in sync
with the current HTTP standards.

Apache httpd was launched in 1995, has been the most popular web
server on the Internet since April 1996, and celebrates its 20th
birthday as a project this February.


Module Overview
===============

*  mod_tls.c - Apache SSL/TLS module for NetWare by Mike Gardiner.
*
* This module gives Apache the ability to do SSL/TLS with a minimum amount
* of effort.  All of the SSL/TLS logic is already on NetWare versions 5 and
* above and is interfaced through WinSock on NetWare.


PoC 1 - Code Snippet [CWE-476]
==============================
(...\httpd-2.2.29\modules\arch\netware\mod_nw_ssl.c:1104-1130)
(...\httpd-2.4.12\modules\arch\netware\mod_nw_ssl.c:1104-1130)

Description: A NULL pointer dereference security issue was identified
at [line 1104], where (request_rec *r = f->r;) is assigned, and
precisely at the call of the ssl_io_filter_Upgrade() function.

User input can be supplied to the called function, so illegal input
can be provided.

Furthermore, it is noted that there are no security validation
controls on the state of r->connection, or on the context of
&nwssl_module or f->r.


Kind Regards,
Nicholas Lemonias
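
A defensive version of the validation the description says is missing, as an added example rather than code from the advisory or from httpd. The struct types are simplified stand-ins for ap_filter_t, request_rec and the per-connection module context, and every name in it is hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for the httpd types named in the advisory, NOT the real layouts. */
typedef struct { int is_secure; } ssl_ctx_model;            /* hypothetical module context */
typedef struct { ssl_ctx_model *module_ctx; } conn_model;   /* models r->connection */
typedef struct { conn_model *connection; } request_model;   /* models request_rec */
typedef struct { request_model *r; } filter_model;          /* models ap_filter_t */

typedef enum { CHAIN_OK, NO_FILTER, NO_REQUEST, NO_CONNECTION, NO_MODULE_CTX } chain_status;

/* Walk f -> r -> connection -> module context, stopping at the first NULL link. */
chain_status resolve_ctx(const filter_model *f, ssl_ctx_model **out)
{
    *out = NULL;
    if (f == NULL) return NO_FILTER;
    if (f->r == NULL) return NO_REQUEST;
    if (f->r->connection == NULL) return NO_CONNECTION;
    if (f->r->connection->module_ctx == NULL) return NO_MODULE_CTX;
    *out = f->r->connection->module_ctx;
    return CHAIN_OK;
}

/* Upgrade-style handler: declines (-1) instead of dereferencing a broken chain. */
int mark_upgraded(const filter_model *f)
{
    ssl_ctx_model *ctx;
    if (resolve_ctx(f, &ctx) != CHAIN_OK)
        return -1;
    ctx->is_secure = 1;
    return 0;
}

/* Constructed chain with one link removed: 0 = intact, 1 = f->r, 2 = r->connection, 3 = context. */
int demo(int missing)
{
    ssl_ctx_model ctx = { 0 };
    conn_model c = { missing == 3 ? NULL : &ctx };
    request_model r = { missing == 2 ? NULL : &c };
    filter_model f = { missing == 1 ? NULL : &r };
    int rc = mark_upgraded(&f);
    return rc == 0 ? ctx.is_secure : rc;   /* 1 on success, -1 when declined */
}

int main(void)
{
    for (int m = 0; m <= 3; m++)
        printf("missing link %d -> %d\n", m, demo(m));
    return 0;
}
```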
