[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] Fw: [SECURITY] Remote exploit for 32-bit Apache HTTP Server known

Subject: [cobalt-security] Fw: [SECURITY] Remote exploit for 32-bit Apache HTTP Server known
From: "Rick Garcia" <rick@xxxxxxxxxxxxxx>
Date: Fri, 21 Jun 2002 13:00:40 -0700
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

The 32 bit apache exploits are now circulating the Internet -
if you have not been effected by this problem yet, you soon will be.

----- Original Message -----
From: <jwoolley@xxxxxxxxxx>
To: <announce@xxxxxxxxxx>; <announce@xxxxxxxxxxxxxxxx>
Cc: <bugtraq@xxxxxxxxxxxxxxxxx>
Sent: Thursday, June 20, 2002 9:54 PM
Subject: [SECURITY] Remote exploit for 32-bit Apache HTTP Server known


>
>  [[ Note: this issue affects both 32-bit and 64-bit platforms; the
>     subject of this message emphasizes 32-bit platforms since that
>     is the most important information not announced in our previous
>     advisory. ]]
>
>
> SUPERSEDES: http://httpd.apache.org/info/security_bulletin_20020617.txt
>
> Date: June 20, 2002
> Product: Apache Web Server
> Versions: Apache 1.3 all versions including 1.3.24; Apache 2.0 all
versions
> up to 2.0.36; Apache 1.2 all versions.
>
> CAN-2002-0392 (mitre.org) [CERT VU#944335]
>
> ----------------------------------------------------------
>          ------------UPDATED ADVISORY------------
> ----------------------------------------------------------
> Introduction:
>
> While testing for Oracle vulnerabilities, Mark Litchfield discovered a
> denial of service attack for Apache on Windows.  Investigation by the
> Apache Software Foundation showed that this issue has a wider scope, which
> on some platforms results in a denial of service vulnerability, while on
> some other platforms presents a potential remote exploit vulnerability.
>
> This follow-up to our earlier advisory is to warn of known-exploitable
> conditions related to this vulnerability on both 64-bit platforms and
> 32-bit platforms alike.  Though we previously reported that 32-bit
> platforms were not remotely exploitable, it has since been proven by
> Gobbles that certain conditions allowing exploitation do exist.
>
> Successful exploitation of this vulnerability can lead to the execution of
> arbitrary code on the server with the permissions of the web server child
> process.  This can facilitate the further exploitation of vulnerabilities
> unrelated to Apache on the local system, potentially allowing the intruder
> root access.
>
> Note that early patches for this issue released by ISS and others do not
> address its full scope.
>
> Due to the existence of exploits circulating in the wild for some
platforms,
> the risk is considered high.
>
> The Apache Software Foundation has released versions 1.3.26 and 2.0.39
> that address and fix this issue, and all users are urged to upgrade
> immediately; updates can be downloaded from http://httpd.apache.org/ .
>
> As a reminder, we respectfully request that anyone who finds a potential
> vulnerability in our software reports it to security@xxxxxxxxxxx
>
> ----------------------------------------------------------
>
> The full text of this advisory including additional details is available
> at http://httpd.apache.org/info/security_bulletin_20020620.txt .
>

Follow-Ups:
- Re: [cobalt-security] Fw: [SECURITY] Remote exploit for 32-bit Apache HTTP Server known
  - From: Paul Wilson

Prev by Date: Re: [cobalt-security] (no subject)
Next by Date: Re: [cobalt-security] Fw: [SECURITY] Remote exploit for 32-bit Apache HTTP Server known
Previous by thread: Re: [cobalt-security] Weird process running
Next by thread: Re: [cobalt-security] Fw: [SECURITY] Remote exploit for 32-bit Apache HTTP Server known

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index