linux, säkerhet

10903648 2003-10-29 14:17 -0800 /84 rader/ Immunix Security Team <security@immunix.com>
Importerad: 2003-10-30 00:57 av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Mottagare: Bugtraq (import) <29681>
Ärende: Immunix Secured OS 7+ apache update
------------------------------------------------------------
From: Immunix Security Team <security@immunix.com>
To: bugtraq@securityfocus.com
Message-ID: <20031029221741.GD9853@wirex.com>

[Please do not use vacation(1), procmail(1), or "Out of Office
Autoreply" features on public mail lists. Thanks.]

-----------------------------------------------------------------------
	Immunix Secured OS Security Advisory

Packages updated:	apache
Affected products:	Immunix OS 7+
Bugs fixed:		CAN-2003-0542
Date:			Tue Oct 28 2003
Advisory ID:		IMNX-2003-7+-025-01
Author:			Seth Arnold <sarnold@immunix.com>
-----------------------------------------------------------------------

Description:
  André Malo discovered two stack-based overflows in the Apache web
  server; one in mod_alias, the other in mod_rewrite. Quoting from the
  OpenPKG adivsory: "These occurred if a regular expression with more
  than 9 capturing parenthesis was configured. To exploit this, an
  attacker would need to be able to locally create a carefully crafted
  configuration file (.htaccess or httpd.conf)."

  The Common Vulnerabilities and Exposures (CVE) project assigned the
  id CAN-2003-0542 to the problem.

  The vulnerability is in an apache wrapper function around the
  regex(3) interface; the affected uses of ap_regexec() are called
  with string inputs, so it would be difficult to construct the
  StackGuard canary value 0x000aff0d when attempting to overwrite the
  stack-stored regmatch_t structure arrays; thus, we expect
  StackGuard should prevent exploitation of this
  vulnerability. However, an exhaustive analysis has not been
  performed.

  In the event StackGuard prevents exploitation of this vulnerability,
  the apache process handling the request would still be killed; thus,
  Immunix recommends all users upgrade when convenient.

  References: http://www.securityfocus.com/archive/1/342674
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542
  http://marc.theaimsgroup.com/?l=apache-cvs&m=106701190026083

Package names and locations:
  Precompiled binary packages for Immunix 7+ are available at:
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/apache-1.3.27-1.7.1_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/apache-devel-1.3.27-1.7.1_imnx_2.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/apache-manual-1.3.27-1.7.1_imnx_2.i386.rpm

  A source package for Immunix 7+ is available at:
  http://download.immunix.org/ImmunixOS/7+/Updates/SRPMS/apache-1.3.27-1.7.1_imnx_2.src.rpm

Immunix OS 7+ md5sums:
  d0f0fa84c2cb84d23f6110faf86e99c9  RPMS/apache-1.3.27-1.7.1_imnx_2.i386.rpm
  52e95aaa3c6acf2f464a0342ba63c360  RPMS/apache-devel-1.3.27-1.7.1_imnx_2.i386.rpm
  3d09e9758813e3b96550ffeba8013c47  RPMS/apache-manual-1.3.27-1.7.1_imnx_2.i386.rpm
  0cd20af663c6f22ee6127ea241269ef5  SRPMS/apache-1.3.27-1.7.1_imnx_2.src.rpm


GPG verification:                                                               
  Our public keys are available at http://download.immunix.org/GPG_KEY
  Immunix, Inc., has changed policy with GPG keys. We maintain several
  keys now: C53B2B53 for Immunix 7+ package signing, D3BA6C17 for
  Immunix 7.3 package signing, and 1B7456DA for general security issues.


NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above are
  slow, please try:
    ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
  or one of the many mirrors available at:
    http://www.ibiblio.org/pub/Linux/MIRRORS.html

  ImmunixOS 6.2 is no longer officially supported.
  ImmunixOS 7.0 is no longer officially supported.

Contact information:
  To report vulnerabilities, please contact security@immunix.com.
  Immunix attempts to conform to the RFP vulnerability disclosure protocol
  http://www.wiretrip.net/rfp/policy.html.
(10903648) /Immunix Security Team <security@immunix.com>/(Ombruten)
Bilaga (application/pgp-signature) i text 10903649
10903649 2003-10-29 14:17 -0800 /9 rader/ Immunix Security Team <security@immunix.com>
Importerad: 2003-10-30 00:57 av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Mottagare: Bugtraq (import) <29682>
Bilaga (application/pgp-signature) till text 10903648
Ärende: Bilaga till: Immunix Secured OS 7+ apache update
------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/oDyEn5I6Lxt0VtoRAlvzAKDxxMnO3MBaILcmqimsoh71aFwKJQCghLBS
VUKLa9oHc3vuKipdZ6aMf18=
=meHS
-----END PGP SIGNATURE-----
(10903649) /Immunix Security Team <security@immunix.com>/