INFORMATION BULLETIN

Q-263: Apache Buffer Overflow

[DSA-1131-1]

August 1, 2006 16:00 GMT
[REVISED 5 Sept 2006]
[REVISED 11 Oct 2006]
[REVISED 02 Nov 2006]
[REVISED 5 Dec 2006]


PROBLEM:	There is a buffer overflow in the mod_rewrite component of apache.
PLATFORM:	Debian GNU/Linux 3.1 (sarge) HP-UX B.11.00, B.11.11, B.11.23
DAMAGE:	A remote attacker could exploit this to execute arbitary code.
SOLUTION:	Apply current patches.

VULNERABILITY ASSESSMENT:	The risk is HIGH. A remote attacker could exploit this to execute arbitary code.

LINKS:
CIAC BULLETIN:	http://www.ciac.org/ciac/bulletins/q-263.shtml
ORIGINAL BULLETIN:	http://www.debian.org/security/2006/dsa-1131
ADDITIONAL LINKS:	Debian Security Advisory 1132 http://www.debian.org/security/2006/dsa-1132 USCERT VU#395412 http://www.kb.cert.org/vuls/id/395412 Visit Hewlett-Packard Subscription Service for: HPSBUX02145 SSRT061202 rev. 2 Visit Hewlett-Packard Subscription Service for: HPSBUX02164 SSRT061265 Visit Hewlett-Packard Subscription Service for: HPSBUX02172 SSRT061269 Sun Alert ID: 102662 http://www.sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1&searchclause=%22category:security%22%2420%22availability,%2420security%22%2420category:security Sun Alert ID: 102663 http://www.sunsolve.sun.com/search/document.do?assetkey=1-26-102663-1&searchclause=%22category:security%22%2420%22availability,%2420security%22%2420category:security
CVE:	CVE-2006-3747

REVISION HISTORY:
09/05/2006 - revised to add a link to Hewlett-Packard for HPXBUX02145 SSRT061202 rev. 1 for HP-UX B.11.00, B.11.11, B.11.23
10/11/2006 - added a link to Sun Alert ID: 102662 for the Solaris 10 Operating System and Sun Alert ID: 102663 for Solaris 8, 9, and 10 Operating Systems
11/02/2006 - added links to HPSBUX02164 SSRT061265 and HPSBUX02172 SSRT061269
12/05/2006 - revised to change the revision number on to HPSBUX02145 
             SSRT061202 rev. 2 for HP-UX B.11.00, B.11.11, B.11.23 running Apache-Based 
             Web Server prior to v.2.0.58.   			 
			 
			 
[***** Start DSA-1131-1 *****]

Debian Security Advisory

DSA-1131-1 apache -- buffer overflow

Date Reported:

01 Aug 2006

Affected Packages:

apache

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 380231.
In Mitre's CVE dictionary: CVE-2006-3747.
CERT's vulnerabilities, advisories and incident notes: VU#395412.

More information:

Mark Dowd discovered a buffer overflow in the mod_rewrite component of apache, a versatile high-performance HTTP server. In some situations a remote attacker could exploit this to execute arbitary code.

For the stable distribution (sarge) this problem has been fixed in version 1.3.33-6sarge2.

For the unstable distribution (sid) this problems will be fixed shortly.

We recommend that you upgrade your apache package.

Fixed in:

Debian GNU/Linux 3.1 (sarge)

Source:: http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2.dsc; http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2.diff.gz; http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33.orig.tar.gz
Architecture-independent component:: http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.33-6sarge2_all.deb; http://security.debian.org/pool/updates/main/a/apache/apache-doc_1.3.33-6sarge2_all.deb; http://security.debian.org/pool/updates/main/a/apache/apache-utils_1.3.33-6sarge2_all.deb
Alpha:: http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2_alpha.deb; http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge2_alpha.deb; http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge2_alpha.deb; http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge2_alpha.deb; http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge2_alpha.deb; http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge2_alpha.deb
AMD64:: http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2_amd64.deb; http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge2_amd64.deb; http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge2_amd64.deb; http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge2_amd64.deb; http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge2_amd64.deb; http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge2_amd64.deb
ARM:: http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2_arm.deb; http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge2_arm.deb; http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge2_arm.deb; http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge2_arm.deb; http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge2_arm.deb; http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge2_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2_i386.deb; http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge2_i386.deb; http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge2_i386.deb; http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge2_i386.deb; http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge2_i386.deb; http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge2_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2_ia64.deb; http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge2_ia64.deb; http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge2_ia64.deb; http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge2_ia64.deb; http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge2_ia64.deb; http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge2_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2_hppa.deb; http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge2_hppa.deb; http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge2_hppa.deb; http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge2_hppa.deb; http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge2_hppa.deb; http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge2_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2_m68k.deb; http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge2_m68k.deb; http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge2_m68k.deb; http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge2_m68k.deb; http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge2_m68k.deb; http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge2_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2_mips.deb; http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge2_mips.deb; http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge2_mips.deb; http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge2_mips.deb; http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge2_mips.deb; http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge2_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2_mipsel.deb; http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge2_mipsel.deb; http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge2_mipsel.deb; http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge2_mipsel.deb; http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge2_mipsel.deb; http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge2_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2_powerpc.deb; http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge2_powerpc.deb; http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge2_powerpc.deb; http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge2_powerpc.deb; http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge2_powerpc.deb; http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge2_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2_s390.deb; http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge2_s390.deb; http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge2_s390.deb; http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge2_s390.deb; http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge2_s390.deb; http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge2_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2_sparc.deb; http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge2_sparc.deb; http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge2_sparc.deb; http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge2_sparc.deb; http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge2_sparc.deb; http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge2_sparc.deb

MD5 checksums of the listed files are available in the original advisory.



[***** End DSA-1131-1 *****]

CIAC wishes to acknowledge the contributions of Debian for the information contained in this bulletin.

DOE-CIRC can be contacted at:

    Voice:          +1 866-941-2472 (7 x 24)
    E-mail:          doecirc@doecirc.energy.gov
    World Wide Web:  http://www.doecirc.energy.gov/