Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Apache APR_PSPrintf memory corruption vulnerability

Apache APR_PSPrintf memory corruption vulnerability

by Mario Miri on June 2nd, 2003 The Apache Software Foundation has released version 2.0.46, which addresses a vulnerability in the web server. This is due to a potential memory management issue in the apr_psprintf() Apache Portable Runtime (APR) library. Exploitation could occur through mod_dav or other components. It has also been conjectured that exploitation could allow for execution of arbitrary code. Enabling UseCanonicalName in the Apache configuration may mitigate these attack vectors: mod_rewrite mod_ssl mod_usertrack mod_alias mod_dir mod_imap mod_speling Some modules, such as mod_proxy and mod_dav/mod_dav_fs may be still prone to exploitation if this directive is enabled. Setting the LimitXMLRequestBody configuration directive for mod_dav to less than 10000 may limit exploitation through this attack vector.


Vulnerable:
Apache Software Foundation Apache 2.0.37
Apache Software Foundation Apache 2.0.38
Apache Software Foundation Apache 2.0.39
Apache Software Foundation Apache 2.0.40
Apache Software Foundation Apache 2.0.41
Apache Software Foundation Apache 2.0.42
Apache Software Foundation Apache 2.0.43
Apache Software Foundation Apache 2.0.44
Apache Software Foundation Apache 2.0.45


Solution:
http://www.apache.org/dist/httpd/
http://www.mandrakesecure.net/en/ftp.php
RedHat advisory: RHSA-2003:186-01


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »