Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » SCO CSSA-2003-SCO.10.1: Apache multiple vulnerabilities

SCO CSSA-2003-SCO.10.1: Apache multiple vulnerabilities

by Nikola Strahija on September 10th, 2003 Several vulnerabilities have been found in version of Apache prior to 1.3.27 which could lead to cross site scripting, buffer overflows and denial of service.


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

__________________________________________________________________

SCO Security Advisory

Subject: OpenServer 5.0.5 OpenServer 5.0.6 : Various security fixes for Apache.

Advisory number: CSSA-2003-SCO.10.1
Issue date: 2003 September 10
Cross reference: erg712141 fz526299 sr870246
erg711975 fz521278 sr865893
erg711980 fz520245 sr861015
erg711980 fz520260 sr861044
__________________________________________________________________


1. Problem Description

This package fixes the following security issues:
CAN-2002-0839 - The shared memory scoreboard in the HTTP daemon
Apache 1.3.x before 1.3.27 allows any user running as the
Apache UID to send a SIGUSR1 signal to any process as root,
resulting in a denial of service (process kill) or possibly
other behaviors that would not normally be allowed, by
modifying the parent[].pid and parent[].last_rtime segments
in the scoreboard.

CAN-2002-0840 - Cross-site scripting
(XSS) vulnerability in the default error page of Apache
2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName
is "Off" and support for wildcard DNS is present, allows
remote attackers to execute script as other web page
visitors via the Host: header.

CAN-2002-0843 - Buffer
overflows in the ApacheBench support program (ab.c) in
Apache before 1.3.27, and Apache 2.x before 2.0.43, allow
a malicious web server to cause a denial of service and
possibly execute arbitrary code via a long response.

mod_ssl
(www.modssl.org) is a commonly used Apache module that
provides strong cryptography for the Apache web server.
The module utilizes OpenSSL (formerly SSLeay) for the SSL
implementation. modssl versions prior to 2.8.7-1.3.23 (Feb
23, 2002) make use of the underlying OpenSSL routines in
a manner which could overflow a buffer within the
implementation.

Vulnerabilities in the php_mime_split
function may allow an intruder to execute arbitrary code
with the privileges of the web server.


2. Vulnerable Supported Versions

System Binaries
----------------------------------------------------------------------
OpenServer 5.0.5 Apache distribution
OpenServer 5.0.6 Apache distribution


3. Solution

The proper solution is to install the latest packages.


4. OpenServer 5.0.5, OpenServer 5.0.6

4.1 First install:

oss646a - Execution Environment Supplement
oss631b - gwxlibs supplement
oss632b - perl supplement

4.2 Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.10


4.3 Verification

MD5 (VOL.000.000) = 1fc6f6ad14819316e8c1944b591da03c
MD5 (VOL.000.001) = 5e4a1668b9e195c915d27b60d8b9930a
MD5 (VOL.000.002) = a996524cf6cba2e4fd8718d837cb385f
MD5 (VOL.000.003) = 6f277e38877b7c48398ff0d4c213f2db
MD5 (VOL.000.004) = df6f1a897ffa5c153845c85a237b1625
MD5 (VOL.000.005) = aa44f7ea160184e06de7032cc65d6299
MD5 (VOL.000.006) = 34a110733467c4820d5e9f427d147e2d
MD5 (VOL.000.007) = 8bcd062ea9f8b36017c71144caf89810
MD5 (VOL.000.008) = 6667358ef32b137dc3d6a68215c36c38

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools


4.4 Installing Fixed Binaries

Upgrade the affected binaries with the following sequence:


1) Download the VOL* files to the /tmp directory

2) Run the custom command, specify an install from media
images, and specify the /tmp directory as the location of
the images.

5. References

Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0843
http://httpd.apache.org/info/security_bulletin_20020617.txt
http://www.kb.cert.org/vuls/id/297363
http://marc.theaimsgroup.com/?l=apache-modssl&m=104800029216491&w=2
http://www.kb.cert.org/vuls/id/297363

SCO security resources:
http://www.sco.com/support/security/index.html

This security fix closes SCO incidents erg712141, fz526299,
sr870246 erg711975, fz521278, sr865893 erg711980, fz520245,
sr861015, erg711980, fz520260, sr861044.


6. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.


7. Acknowledgements

CAN-2002-0839: zen-parse (zen-parsegmx.net) disclosed this
issue to iDEFENSE. CAN-2002-0840: This issue was reported
to the ASF by Matthew Murphy. CAN-2002-0843: This issue was
reported to the ASF by David Wagner. php_mime_split This
issues was reported by Stefan Esser.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

iD8DBQE/X5QGaqoBO7ipriERAsd7AJ4mEqUfMcRq8CykfAD6gGtkhS04OQCgip5H
RfPGA+rWCYVFYY4bJPB5LTg=
=QsV+
-----END PGP SIGNATURE-----


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »