Login
Newsletter
Werbung

Sicherheit: Fehler in der Behandlung von Chunked Encoding in Apache
Aktuelle Meldungen Distributionen
Name: Fehler in der Behandlung von Chunked Encoding in Apache
ID: CSSA-2002-029.0
Distribution: Caldera
Plattformen: Caldera Server 3.1, Caldera Workstation 3.1, Caldera Server 3.1.1, Caldera Workstation 3.1.1
Datum: So, 23. Juni 2002, 13:00
Referenzen: Keine Angabe
Applikationen: Apache

Originalnachricht

--YiEDa0DAkWCtVeE4
Content-Disposition: inline

To: bugtraq@securityfocus.com announce@lists.caldera.com
security-alerts@linuxsecurity.com

______________________________________________________________________________

Caldera International, Inc. Security Advisory

Subject: Linux: Apache Web Server Chunk Handling Vulnerability
Advisory number: CSSA-2002-029.0
Issue date: 2002 June 20
Cross reference:
______________________________________________________________________________


1. Problem Description

There is a remotely exploitable vulnerability in the handling
of large chunks of data in web servers that are based on Apache
source code.


2. Vulnerable Supported Versions

System Package
----------------------------------------------------------------------

OpenLinux 3.1.1 Server prior to apache-1.3.22-6.i386.rpm
prior to apache-devel-1.3.22-6.i386.rpm
prior to apache-doc-1.3.22-6.i386.rpm

OpenLinux 3.1.1 Workstation prior to apache-1.3.22-6.i386.rpm
prior to apache-devel-1.3.22-6.i386.rpm
prior to apache-doc-1.3.22-6.i386.rpm

OpenLinux 3.1 Server prior to apache-1.3.22-6.i386.rpm
prior to apache-devel-1.3.22-6.i386.rpm
prior to apache-doc-1.3.22-6.i386.rpm

OpenLinux 3.1 Workstation prior to apache-1.3.22-6.i386.rpm
prior to apache-devel-1.3.22-6.i386.rpm
prior to apache-doc-1.3.22-6.i386.rpm


3. Solution

The proper solution is to install the latest packages.


4. OpenLinux 3.1.1 Server

4.1 Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

4.2 Packages

f2f7e9ce5ea54e69d7275393c22630fe apache-1.3.22-6.i386.rpm
c17b06f0057f1728a46eae1e98e68162 apache-devel-1.3.22-6.i386.rpm
6d9e8504f28986f4a1d7a4e0e3213566 apache-doc-1.3.22-6.i386.rpm

4.3 Installation

rpm -Fvh apache-1.3.22-6.i386.rpm
rpm -Fvh apache-devel-1.3.22-6.i386.rpm
rpm -Fvh apache-doc-1.3.22-6.i386.rpm

4.4 Source Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

4.5 Source Packages

be49e9dd27ee59ca92047c14bd3dc170 apache-1.3.22-6.src.rpm


5. OpenLinux 3.1.1 Workstation

5.1 Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS

5.2 Packages

f97e188e91238ca9da0a5166a69304c4 apache-1.3.22-6.i386.rpm
eb4d50309740a5c5a922e48357e76f93 apache-devel-1.3.22-6.i386.rpm
a9855218c3b3e43c02315f19e76edc0b apache-doc-1.3.22-6.i386.rpm

5.3 Installation

rpm -Fvh apache-1.3.22-6.i386.rpm
rpm -Fvh apache-devel-1.3.22-6.i386.rpm
rpm -Fvh apache-doc-1.3.22-6.i386.rpm

5.4 Source Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS

5.5 Source Packages

de01c304396d9f99e39ac07739d51a98 apache-1.3.22-6.src.rpm


6. OpenLinux 3.1 Server

6.1 Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

6.2 Packages

1f3fc745848367bca81d567ddfe3da30 apache-1.3.22-6.i386.rpm
fecf254f55ef9424c14897bf809a34c8 apache-devel-1.3.22-6.i386.rpm
de2a877889489b07fc2e873cd2fb74bb apache-doc-1.3.22-6.i386.rpm

6.3 Installation

rpm -Fvh apache-1.3.22-6.i386.rpm
rpm -Fvh apache-devel-1.3.22-6.i386.rpm
rpm -Fvh apache-doc-1.3.22-6.i386.rpm

6.4 Source Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

6.5 Source Packages

a8a9d123784e4f6995b3ec696924b5d8 apache-1.3.22-6.src.rpm


7. OpenLinux 3.1 Workstation

7.1 Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS

7.2 Packages

f98ee1d900a26571613367e00a5916b8 apache-1.3.22-6.i386.rpm
12e7d9ff5fe04e6d4884a02db248bc8b apache-devel-1.3.22-6.i386.rpm
9096714909c70c99273e78b10ace3ce4 apache-doc-1.3.22-6.i386.rpm

7.3 Installation

rpm -Fvh apache-1.3.22-6.i386.rpm
rpm -Fvh apache-devel-1.3.22-6.i386.rpm
rpm -Fvh apache-doc-1.3.22-6.i386.rpm

7.4 Source Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS

7.5 Source Packages

977a132032c7f6df823bda2ae8397fca apache-1.3.22-6.src.rpm


8. References

Specific references for this advisory:
http://www.cert.org/advisories/CA-2002-17.html
http://httpd.apache.org/info/security_bulletin_20020617.txt

Caldera security resources:
http://www.caldera.com/support/security/index.html

This security fix closes Caldera incidents sr865896, fz521277,
erg712080.


9. Disclaimer

Caldera International, Inc. is not responsible for the misuse
of any of the information we provide on this website and/or
through our security advisories. Our advisories are a service
to our customers intended to promote secure installation and
use of Caldera products.


10. Acknowledgements

Neel Mehta of the ISS X-Force discovered this vulnerability.
Mark Litchfield reported this vulnerability to the Apache Software
Foundation, and Mark Cox reported it to the CERT/CC.

______________________________________________________________________________

--YiEDa0DAkWCtVeE4
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj0TvlgACgkQbluZssSXDTHAUwCfagprbCraufvbIm+PCtsA4355
80gAnRj4W7KkvFati5yo2chpXJXSruq0
=6+Xq
-----END PGP SIGNATURE-----

--YiEDa0DAkWCtVeE4--
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung