OpenPKG Security Advisory
OpenPKG-SA-2004.021
Publisher Name: OpenPKG GmbH
Publisher Home: http://openpkg.com/
Advisory Id (public): OpenPKG-SA-2004.021
Advisory Type: OpenPKG Security Advisory (SA)
Advisory Directory: http://openpkg.com/go/OpenPKG-SA
Advisory Document: http://openpkg.com/go/OpenPKG-SA-2004.021
Advisory Published: 2010-09-03 23:27 UTC
Issue Id (internal): OpenPKG-SI-20040512.01
Issue First Created: 2004-05-12
Issue Last Modified: 2006-11-28
Issue Revision: 07
Subject Name: Apache, mod_access, mod_digest
Subject Summary: Apache HTTP Server
Subject Home: http://httpd.apache.org/
Subject Versions: * <= 1.3.29
Vulnerability Id: CVE-2003-0993, CVE-2003-0020, CVE-2003-0987, CVE-2004-0174
Vulnerability Scope: global (not OpenPKG specific)
Attack Feasibility: run-time
Attack Vector: remote network
Attack Impact: denial of service, privilege escalation
Description:
With the release of the Apache HTTP Server [0] version 1.3.31, four
security issues were fixed [1]:
1. Access Control List (ACL) Handling (CVE-2003-0993)
mod_access in Apache 1.3 before 1.3.30, when running on big-endian
64-bit platforms, did not properly parse Allow/Deny rules using IP
addresses without a netmask. This could allow remote attackers to
bypass intended access restrictions.
2. Error Log Escape Sequence Filtering (CVE-2003-0020)
Apache 1.3 before 1.3.30 did not filter terminal escape sequences
from its error logs. This could make it easier for attackers to
inject those sequences into the terminal emulators of administrators
viewing the error logs, where those emulators contain vulnerabilities
related to escape sequence handling.
3. Nonce Verification in Digest Authentication (CVE-2003-0987)
mod_digest in Apache 1.3 before 1.3.31 did not properly verify the
nonce of a client response by using an AuthNonce secret. Apache
now verifies the nonce returned in the client response to check
whether it was issued by itself, by means of an "AuthDigestRealmSeed"
secret exposed as an MD5 checksum.
4. Starvation Issue in Serialized accept(2) Handling (CVE-2004-0174)
Apache 1.3 before 1.3.30, when using multiple listening sockets
on certain platforms, allowed remote attackers to cause a Denial
of Service (blocked new connections) via a short-lived connection
on a rarely-accessed listening socket. This starvation situation
caused a child to hold the accept(2) mutual exclusion lock and
block out new connections (on any socket) until another connection
arrived on that rarely-accessed listening socket. The source of
the problem seems to be that on some Unix platforms accept(2)
unexpectedly blocks after select(2) has flagged a socket as readable.
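As an added illustration of the filtering described in item 2 (this is not code from Apache or OpenPKG), the following C sketch rewrites control bytes into a printable form before a message is written to a log. The function name escape_log_msg and the \xHH output form are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Added illustration, not Apache's code. Copies `in` to `out`, rewriting
 * every byte a terminal might interpret (C0 controls including ESC 0x1b,
 * DEL, and bytes >= 0x80, which covers 8-bit CSI 0x9b) as printable \xHH.
 * Backslash is doubled so an escaped byte cannot be confused with literal
 * text. Output is NUL-terminated and truncated only between whole units.
 * Returns the number of bytes written, excluding the NUL.
 */
size_t escape_log_msg(const char *in, char *out, size_t outsz)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;

    if (outsz == 0)
        return 0;
    for (; *in != '\0'; in++) {
        unsigned char c = (unsigned char)*in;
        if (c == '\\') {
            if (o + 2 >= outsz) break;   /* keep room for the NUL */
            out[o++] = '\\';
            out[o++] = '\\';
        } else if (c < 0x20 || c >= 0x7f) {
            if (o + 4 >= outsz) break;   /* never emit half an escape */
            out[o++] = '\\';
            out[o++] = 'x';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0f];
        } else {
            if (o + 1 >= outsz) break;
            out[o++] = (char)c;
        }
    }
    out[o] = '\0';
    return o;
}

int main(void)
{
    /* Constructed sample: request-derived text carrying an ESC sequence. */
    const char *msg = "File does not exist: /x\x1b[2J";
    char safe[128];
    escape_log_msg(msg, safe, sizeof safe);
    puts(safe);
    return 0;
}
```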
References:
[0] http://httpd.apache.org/
[1] http://www.apache.org/dist/httpd/CHANGES_1.3
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0993
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0020
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0987
[5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0174
[6] http://www.openpkg.org/tutorial.html#regular-source
[7] http://www.openpkg.org/tutorial.html#regular-binary
[8] ftp://ftp.openpkg.org/release/1.3/UPD/apache-1.3.28-1.3.3.src.rpm
[9] ftp://ftp.openpkg.org/release/2.0/UPD/apache-1.3.29-2.0.1.src.rpm
[10] ftp://ftp.openpkg.org/release/1.3/UPD/
[11] ftp://ftp.openpkg.org/release/2.0/UPD/
[12] http://www.openpkg.org/security.html#signature
Primary Package Name: apache
Primary Package Home: http://openpkg.org/go/package/apache
Affected Distribution:   Affected Branch:   Affected Package:
OpenPKG Community        1.3-SOLID          apache-1.3.28-1.3.2
OpenPKG Community        2.0-SOLID          apache-1.3.29-2.0.0
OpenPKG Community        CURRENT            apache-1.3.29-20040421
Corrected Distribution:  Corrected Branch:  Corrected Package:
OpenPKG Community        1.3-SOLID          apache-1.3.28-1.3.3
OpenPKG Community        2.0-SOLID          apache-1.3.29-2.0.1
OpenPKG Community        CURRENT            apache-1.3.31-20040511