Full Disclosure mailing list archives

[UPDATED] OpenServer 5.0.5 OpenServer 5.0.6 : Various security fixes for Apache.


From: security () sco com
Date: Wed, 10 Sep 2003 15:17:52 -0700


To: full-disclosure () lists netsys com bugtraq () securityfocus com announce () lists caldera com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                        SCO Security Advisory

Subject:                OpenServer 5.0.5 OpenServer 5.0.6 : Various security fixes for Apache.
Advisory number:        CSSA-2003-SCO.10.1
Issue date:             2003 September 10
Cross reference:        erg712141 fz526299 sr870246 
                        erg711975 fz521278 sr865893 
                        erg711980 fz520245 sr861015 
                        erg711980 fz520260 sr861044
______________________________________________________________________________


1. Problem Description

         This package fixes the following security issues: 
         CAN-2002-0839 - The shared memory scoreboard in the HTTP daemon
         Apache 1.3.x before 1.3.27 allows any user running as the
         Apache UID to send a SIGUSR1 signal to any process as root,
         resulting in a denial of service (process kill) or possibly
         other behaviors that would not normally be allowed, by
         modifying the parent[].pid and parent[].last_rtime segments
         in the scoreboard. 

         CAN-2002-0840 - Cross-site scripting
         (XSS) vulnerability in the default error page of Apache
         2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName
         is "Off" and support for wildcard DNS is present, allows
         remote attackers to execute script as other web page
         visitors via the Host: header. 

         CAN-2002-0843 - Buffer
         overflows in the ApacheBench support program (ab.c) in
         Apache before 1.3.27, and Apache 2.x before 2.0.43, allow
         a malicious web server to cause a denial of service and
         possibly execute arbitrary code via a long response. 
         
         mod_ssl
         (www.modssl.org) is a commonly used Apache module that
         provides strong cryptography for the Apache web server.
         The module utilizes OpenSSL (formerly SSLeay) for the SSL
         implementation. modssl versions prior to 2.8.7-1.3.23 (Feb
         23, 2002) make use of the underlying OpenSSL routines in
         a manner which could overflow a buffer within the
         implementation. 
         
         Vulnerabilities in the php_mime_split
         function may allow an intruder to execute arbitrary code
         with the privileges of the web server.


2. Vulnerable Supported Versions

        System                          Binaries
        ----------------------------------------------------------------------
        OpenServer 5.0.5                Apache distribution     
        OpenServer 5.0.6                Apache distribution     


3. Solution

        The proper solution is to install the latest packages.


4. OpenServer 5.0.5, OpenServer 5.0.6

        4.1 First install: 

                oss646a - Execution Environment Supplement
                oss631b - gwxlibs supplement
                oss632b - perl supplement
        
        4.2 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.10


        4.3 Verification

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


        4.4 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:


        1) Download the VOL* files to the /tmp directory

        2) Run the custom command, specify an install from media
        images, and specify the /tmp directory as the location of
        the images.

5. References

        Specific references for this advisory:
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0839 
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0840 
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0843 
                http://httpd.apache.org/info/security_bulletin_20020617.txt 
                http://www.kb.cert.org/vuls/id/297363 
                http://marc.theaimsgroup.com/?l=apache-modssl&m=104800029216491&w=2 

        SCO security resources:
                http://www.sco.com/support/security/index.html

        This security fix closes SCO incidents erg712141, fz526299,
        sr870246, erg711975, fz521278, sr865893, erg711980, fz520245,
        sr861015, erg711980, fz520260, sr861044.


6. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers
        intended to promote secure installation and use of SCO
        products.


7. Acknowledgements

        CAN-2002-0839: zen-parse (zen-parsegmx.net) disclosed this
        issue to iDEFENSE. CAN-2002-0840: This issue was reported
        to the ASF by Matthew Murphy. CAN-2002-0843: This issue was
        reported to the ASF by David Wagner. php_mime_split: This
        issue was reported by Stefan Esser.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

iD8DBQE/X5QGaqoBO7ipriERAsd7AJ4mEqUfMcRq8CykfAD6gGtkhS04OQCgip5H
RfPGA+rWCYVFYY4bJPB5LTg=
=QsV+
-----END PGP SIGNATURE-----
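
Added example (not part of the SCO advisory, and not Apache's code): a simplified Python model of the CAN-2002-0840 condition from section 1, where `UseCanonicalName Off` lets the client's Host header name the server in the error page, next to a version that validates and escapes it. The function names, page markup and sample host values are assumptions.

```python
import html
import re

# Allowlist for a Host value: hostname characters plus an optional :port.
_HOST_RE = re.compile(
    r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?(?::[0-9]{1,5})?")

CONFIGURED_NAME = "www.example.com"                      # hypothetical ServerName
HOSTILE_HOST = "<script>alert(1)</script>.wild.example"  # constructed Host value


def server_name(host_header, use_canonical_name):
    """UseCanonicalName On: configured name. Off: whatever the client sent."""
    if use_canonical_name or not host_header:
        return CONFIGURED_NAME
    return host_header


def error_page_vulnerable(host_header, use_canonical_name=False):
    # Models the flaw: the client-supplied name reaches the page unescaped.
    name = server_name(host_header, use_canonical_name)
    return f"<h1>Not Found</h1><address>Server at {name}</address>"


def error_page_hardened(host_header, use_canonical_name=False):
    name = server_name(host_header, use_canonical_name)
    if not _HOST_RE.fullmatch(name):
        name = CONFIGURED_NAME  # not a hostname: fall back to the configured name
    # Escape on output too, so the page stays safe if the validation changes.
    return f"<h1>Not Found</h1><address>Server at {html.escape(name)}</address>"


if __name__ == "__main__":
    print(error_page_vulnerable(HOSTILE_HOST))
    print(error_page_hardened(HOSTILE_HOST))
```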

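Added example (not part of the SCO advisory): a checker for BSD-style `MD5 (name) = digest` lines, the format of the advisory's section 4.3 checksum list, to run on the downloaded VOL files before step 2 of section 4.4. The `SAMPLE.*` names and digests are constructed, and Python's `hashlib` stands in for the `md5` tool the advisory points to.

```python
import hashlib
import re
from pathlib import Path

# One checksum line: "MD5 (<file name>) = <32 hex digits>". Names containing
# "/" are refused so a manifest cannot point outside the download directory.
_LINE_RE = re.compile(r"\s*MD5 \(([^()/]+)\) = ([0-9a-fA-F]{32})\s*")

# Constructed manifest (names and digests are sample data, not SCO's).
SAMPLE_MANIFEST = """\
        MD5 (SAMPLE.000) = 900150983cd24fb0d6963f7d28e17f72
        MD5 (SAMPLE.001) = 0cc175b9c0f1b6a831c399e269772661
        MD5 (SAMPLE.002) = d41d8cd98f00b204e9800998ecf8427e
"""


def parse_manifest(text):
    """Return {file name: lowercase digest} for each checksum line in text."""
    entries = {}
    for line in text.splitlines():
        m = _LINE_RE.fullmatch(line)
        if m:
            entries[m.group(1)] = m.group(2).lower()
    return entries


def md5_of(path):
    """Hash a file in 64 KiB chunks so large volumes do not fill memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(65536), b""):
            digest.update(block)
    return digest.hexdigest()


def verify(manifest_text, directory):
    """Map every listed file to 'ok', 'mismatch' or 'missing'."""
    results = {}
    for name, expected in parse_manifest(manifest_text).items():
        path = Path(directory) / name
        if not path.is_file():
            results[name] = "missing"
        else:
            results[name] = "ok" if md5_of(path) == expected else "mismatch"
    return results


def safe_to_install(results):
    """True only when the manifest listed files and all of them matched."""
    return bool(results) and all(state == "ok" for state in results.values())
```

The digests are only as trustworthy as the copy of the advisory they were taken from, so check its PGP signature before relying on them.
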