Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » [CSSA-2002-056.0] Linux: apache vulnerabilities in shared memory, DNS, and Apach

[CSSA-2002-056.0] Linux: apache vulnerabilities in shared memory, DNS, and Apach

by Nikola Strahija on December 6th, 2002 Issue date: 2002 December 05


1. Problem Description

The shared memory scoreboard in the HTTP daemon for Apache
allows any user running as the Apache UID to send a SIGUSR1
signal to any process as root, resulting in a denial of
service (process kill) or possibly other behaviors that would
not normally be allowed, by modifying the parent[].pid and
parent[].last_rtime segments in the scoreboard.

Cross-site scripting (XSS) vulnerability in the default error
page of Apache when UseCanonicalName is "Off" and support for
wildcard DNS is present, allows remote attackers to execute
script as other web page visitors via the Host: header.

Buffer overflows in the ApacheBench support program (ab.c) in
Apache allow a malicious web server to cause a denial of
service and possibly execute arbitrary code via a long
response.


2. Vulnerable Supported Versions

System Package
----------------------------------------------------------------------

OpenLinux 3.1.1 Server prior to apache-1.3.27-1.0.i386.rpm
prior to apache-devel-1.3.27-1.0.i386.rpm
prior to apache-doc-1.3.27-1.0.i386.rpm

OpenLinux 3.1.1 Workstation prior to apache-1.3.27-1.0.i386.rpm
prior to apache-devel-1.3.27-1.0.i386.rpm
prior to apache-doc-1.3.27-1.0.i386.rpm

OpenLinux 3.1 Server prior to apache-1.3.27-1.0.i386.rpm
prior to apache-devel-1.3.27-1.0.i386.rpm
prior to apache-doc-1.3.27-1.0.i386.rpm

OpenLinux 3.1 Workstation prior to apache-1.3.27-1.0.i386.rpm
prior to apache-devel-1.3.27-1.0.i386.rpm
prior to apache-doc-1.3.27-1.0.i386.rpm


3. Solution

The proper solution is to install the latest packages. Many
customers find it easier to use the Caldera System Updater, called
cupdate (or kcupdate under the KDE environment), to update these
packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

4.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-056.0/RPMS

4.2 Packages

c7b17000acd9101eee8c37d3b4601ec8 apache-1.3.27-1.0.i386.rpm
d857c04c257932ae2a4eaeb1aed19e8c apache-devel-1.3.27-1.0.i386.rpm
68c4e2eb95a1ca1493f4eb0c8b54fff2 apache-doc-1.3.27-1.0.i386.rpm

4.3 Installation

rpm -Fvh apache-1.3.27-1.0.i386.rpm
rpm -Fvh apache-devel-1.3.27-1.0.i386.rpm
rpm -Fvh apache-doc-1.3.27-1.0.i386.rpm

4.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-056.0/SRPMS

4.5 Source Packages

593f46d5622a2191ee9affda05b96b7c apache-1.3.27-1.0.src.rpm


5. OpenLinux 3.1.1 Workstation

5.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-056.0/RPMS

5.2 Packages

afe15920bac4b43bda8c9c3e78d30067 apache-1.3.27-1.0.i386.rpm
962f0f2c795b1012fe1c3d36981a732d apache-devel-1.3.27-1.0.i386.rpm
2f7bd182f5e458a228edd03b487466d0 apache-doc-1.3.27-1.0.i386.rpm

5.3 Installation

rpm -Fvh apache-1.3.27-1.0.i386.rpm
rpm -Fvh apache-devel-1.3.27-1.0.i386.rpm
rpm -Fvh apache-doc-1.3.27-1.0.i386.rpm

5.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-056.0/SRPMS

5.5 Source Packages

89d64819da7385209cca310c4ce097a1 apache-1.3.27-1.0.src.rpm


6. OpenLinux 3.1 Server

6.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-056.0/RPMS

6.2 Packages

5bb492139575fb1908c29777242c89db apache-1.3.27-1.0.i386.rpm
1a28bc1f4d8e27761da8623385cfd430 apache-devel-1.3.27-1.0.i386.rpm
18774c4e1c471d3c0532203e3053035a apache-doc-1.3.27-1.0.i386.rpm

6.3 Installation

rpm -Fvh apache-1.3.27-1.0.i386.rpm
rpm -Fvh apache-devel-1.3.27-1.0.i386.rpm
rpm -Fvh apache-doc-1.3.27-1.0.i386.rpm

6.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-056.0/SRPMS

6.5 Source Packages

6a329cad378b982f7864722cd8bc7b71 apache-1.3.27-1.0.src.rpm


7. OpenLinux 3.1 Workstation

7.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-056.0/RPMS

7.2 Packages

96b47bab30d5a625917fa37536904765 apache-1.3.27-1.0.i386.rpm
0b6e58d39dfbc52daf6662b51116e3db apache-devel-1.3.27-1.0.i386.rpm
d29dabf7e838b143006c32122547f7dc apache-doc-1.3.27-1.0.i386.rpm

7.3 Installation

rpm -Fvh apache-1.3.27-1.0.i386.rpm
rpm -Fvh apache-devel-1.3.27-1.0.i386.rpm
rpm -Fvh apache-doc-1.3.27-1.0.i386.rpm

7.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-056.0/SRPMS

7.5 Source Packages

146818586bde204a4d0eaf44e32d23e3 apache-1.3.27-1.0.src.rpm


8. References

Specific references for this advisory:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0843

SCO security resources:

http://www.sco.com/support/security/index.html

This security fix closes SCO incidents sr870244, fz526296,
erg712139.


9. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »