lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20021205162645.C334@sco.com>
From: security at caldera.com (security@...dera.com)
Subject: Security Update: [CSSA-2002-056.0] Linux: apache vulnerabilities in shared memory, DNS, and ApacheBench

To: bugtraq@...urityfocus.com announce@...ts.caldera.com security-alerts@...uxsecurity.com full-disclosure@...ts.netsys.com

______________________________________________________________________________

			SCO Security Advisory

Subject:		Linux: apache vulnerabilities in shared memory, DNS, and ApacheBench
Advisory number: 	CSSA-2002-056.0
Issue date: 		2002 December 05
Cross reference:
______________________________________________________________________________


1. Problem Description

	The shared memory scoreboard in the HTTP daemon for Apache
	allows any user running as the Apache UID to send a SIGUSR1
	signal to any process as root, resulting in a denial of
	service (process kill) or possibly other behaviors that would
	not normally be allowed, by modifying the parent[].pid and
	parent[].last_rtime segments in the scoreboard.

	Cross-site scripting (XSS) vulnerability in the default error
	page of Apache when UseCanonicalName is "Off" and support for
	wildcard DNS is present, allows remote attackers to execute
	script as other web page visitors via the Host: header.

	Buffer overflows in the ApacheBench support program (ab.c) in
	Apache allow a malicious web server to cause a denial of
	service and possibly execute arbitrary code via a long
	response.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------

	OpenLinux 3.1.1 Server		prior to apache-1.3.27-1.0.i386.rpm
					prior to apache-devel-1.3.27-1.0.i386.rpm
					prior to apache-doc-1.3.27-1.0.i386.rpm

	OpenLinux 3.1.1 Workstation	prior to apache-1.3.27-1.0.i386.rpm
					prior to apache-devel-1.3.27-1.0.i386.rpm
					prior to apache-doc-1.3.27-1.0.i386.rpm

	OpenLinux 3.1 Server		prior to apache-1.3.27-1.0.i386.rpm
					prior to apache-devel-1.3.27-1.0.i386.rpm
					prior to apache-doc-1.3.27-1.0.i386.rpm

	OpenLinux 3.1 Workstation	prior to apache-1.3.27-1.0.i386.rpm
					prior to apache-devel-1.3.27-1.0.i386.rpm
					prior to apache-doc-1.3.27-1.0.i386.rpm


3. Solution

	The proper solution is to install the latest packages. Many
	customers find it easier to use the Caldera System Updater, called
	cupdate (or kcupdate under the KDE environment), to update these
	packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-056.0/RPMS

	4.2 Packages

	c7b17000acd9101eee8c37d3b4601ec8	apache-1.3.27-1.0.i386.rpm
	d857c04c257932ae2a4eaeb1aed19e8c	apache-devel-1.3.27-1.0.i386.rpm
	68c4e2eb95a1ca1493f4eb0c8b54fff2	apache-doc-1.3.27-1.0.i386.rpm

	4.3 Installation

	rpm -Fvh apache-1.3.27-1.0.i386.rpm
	rpm -Fvh apache-devel-1.3.27-1.0.i386.rpm
	rpm -Fvh apache-doc-1.3.27-1.0.i386.rpm

	4.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-056.0/SRPMS

	4.5 Source Packages

	593f46d5622a2191ee9affda05b96b7c	apache-1.3.27-1.0.src.rpm


5. OpenLinux 3.1.1 Workstation

	5.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-056.0/RPMS

	5.2 Packages

	afe15920bac4b43bda8c9c3e78d30067	apache-1.3.27-1.0.i386.rpm
	962f0f2c795b1012fe1c3d36981a732d	apache-devel-1.3.27-1.0.i386.rpm
	2f7bd182f5e458a228edd03b487466d0	apache-doc-1.3.27-1.0.i386.rpm

	5.3 Installation

	rpm -Fvh apache-1.3.27-1.0.i386.rpm
	rpm -Fvh apache-devel-1.3.27-1.0.i386.rpm
	rpm -Fvh apache-doc-1.3.27-1.0.i386.rpm

	5.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-056.0/SRPMS

	5.5 Source Packages

	89d64819da7385209cca310c4ce097a1	apache-1.3.27-1.0.src.rpm


6. OpenLinux 3.1 Server

	6.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-056.0/RPMS

	6.2 Packages

	5bb492139575fb1908c29777242c89db	apache-1.3.27-1.0.i386.rpm
	1a28bc1f4d8e27761da8623385cfd430	apache-devel-1.3.27-1.0.i386.rpm
	18774c4e1c471d3c0532203e3053035a	apache-doc-1.3.27-1.0.i386.rpm

	6.3 Installation

	rpm -Fvh apache-1.3.27-1.0.i386.rpm
	rpm -Fvh apache-devel-1.3.27-1.0.i386.rpm
	rpm -Fvh apache-doc-1.3.27-1.0.i386.rpm

	6.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-056.0/SRPMS

	6.5 Source Packages

	6a329cad378b982f7864722cd8bc7b71	apache-1.3.27-1.0.src.rpm


7. OpenLinux 3.1 Workstation

	7.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-056.0/RPMS

	7.2 Packages

	96b47bab30d5a625917fa37536904765	apache-1.3.27-1.0.i386.rpm
	0b6e58d39dfbc52daf6662b51116e3db	apache-devel-1.3.27-1.0.i386.rpm
	d29dabf7e838b143006c32122547f7dc	apache-doc-1.3.27-1.0.i386.rpm

	7.3 Installation

	rpm -Fvh apache-1.3.27-1.0.i386.rpm
	rpm -Fvh apache-devel-1.3.27-1.0.i386.rpm
	rpm -Fvh apache-doc-1.3.27-1.0.i386.rpm

	7.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-056.0/SRPMS

	7.5 Source Packages

	146818586bde204a4d0eaf44e32d23e3	apache-1.3.27-1.0.src.rpm


8. References

	Specific references for this advisory:

		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0839
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0840
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0843

	SCO security resources:

		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr870244, fz526296,
	erg712139.


9. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers intended
	to promote secure installation and use of SCO products.

______________________________________________________________________________
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 237 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20021205/4dd8c260/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ