Support / Security / Advisories / Mandrakelinux 9.2 / MDKSA-2004:134

Package name: apache
Date: 2004-11-15
Advisory ID: MDKSA-2004:134
Affected versions: 9.2 amd64 , CS2.1 x86_64 , 10.0 amd64 , 10.1 i586 , 10.0 i586 , 9.2 i586 , MNF8.2 i586 , CS2.1 i586 , 10.1 x86_64

Problem description

A possible buffer overflow exists in the get_tag() function of mod_include, and if SSI (Server Side Includes) are enabled, a local attacker may be able to run arbitrary code with the rights of an httpd child process. This could be done with a special HTML document using malformed SSI. The updated packages have been patched to prevent this problem.

Updated packages

9.2 amd64

 847b57769bf31fe0933ee5f2f3cd5586  amd64/9.2/RPMS/apache-1.3.28-3.4.92mdk.amd64.rpm
4b42d87ff1e277115eb188de3452ee12  amd64/9.2/RPMS/apache-devel-1.3.28-3.4.92mdk.amd64.rpm
ee420117615b815a34d012d9a6c0d59a  amd64/9.2/RPMS/apache-modules-1.3.28-3.4.92mdk.amd64.rpm
b1dfc904b593ec60933134edf93f2abb  amd64/9.2/RPMS/apache-source-1.3.28-3.4.92mdk.amd64.rpm
7c7a7c952c51d53d803eee4b3fe5bbfa  amd64/9.2/SRPMS/apache-1.3.28-3.4.92mdk.src.rpm

CS2.1 x86_64

 3e2e5b9bdc272d7dd20a83864c120c1f  x86_64/corporate/2.1/RPMS/apache-1.3.26-7.3.C21mdk.x86_64.rpm
583c055dd96b1d8ca0bb1dcbdd6bb3e3  x86_64/corporate/2.1/RPMS/apache-common-1.3.26-7.3.C21mdk.x86_64.rpm
3d91ed0d804bf7083fcdc465b3a4458b  x86_64/corporate/2.1/RPMS/apache-devel-1.3.26-7.3.C21mdk.x86_64.rpm
0aade5cac03993197a02023e2c396026  x86_64/corporate/2.1/RPMS/apache-manual-1.3.26-7.3.C21mdk.x86_64.rpm
03a05949dec2afe3bd418cac70672d76  x86_64/corporate/2.1/RPMS/apache-modules-1.3.26-7.3.C21mdk.x86_64.rpm
a220e75582a4bceb685c96d255fb8541  x86_64/corporate/2.1/RPMS/apache-source-1.3.26-7.3.C21mdk.x86_64.rpm
b376625c753b03c793aa43eacd9aed26  x86_64/corporate/2.1/SRPMS/apache-1.3.26-7.3.C21mdk.src.rpm

10.0 amd64

 758197d601e4b7ebf3392d2ba277c75c  amd64/10.0/RPMS/apache-1.3.29-1.3.100mdk.amd64.rpm
d8f014db6377f8143ce64528247e6cda  amd64/10.0/RPMS/apache-devel-1.3.29-1.3.100mdk.amd64.rpm
1df2e1b10fa30b56edd2af8155cc727b  amd64/10.0/RPMS/apache-modules-1.3.29-1.3.100mdk.amd64.rpm
2696f7d9da96ffe0e2dfe1cfc890f8fa  amd64/10.0/RPMS/apache-source-1.3.29-1.3.100mdk.amd64.rpm
7aec1cfd1649215c64a103b48ea0e999  amd64/10.0/SRPMS/apache-1.3.29-1.3.100mdk.src.rpm

10.1 i586

 a243088ce931b9d53c12989b0a9e7a18  10.1/RPMS/apache-1.3.31-7.1.101mdk.i586.rpm
5d3bcb6165e112ea4309f4a81901e2e9  10.1/RPMS/apache-devel-1.3.31-7.1.101mdk.i586.rpm
6e1b20d47e0fd002047170b888cfa318  10.1/RPMS/apache-modules-1.3.31-7.1.101mdk.i586.rpm
72f4a38cde2d8926940016a6189f2524  10.1/RPMS/apache-source-1.3.31-7.1.101mdk.i586.rpm
1716a37f5222cee27bebf5e83c0923da  10.1/SRPMS/apache-1.3.31-7.1.101mdk.src.rpm

10.0 i586

 0be6313dae811fcc0b001b2d9620113b  10.0/RPMS/apache-1.3.29-1.3.100mdk.i586.rpm
6c787e8c03418783f0f7100a9e805f15  10.0/RPMS/apache-devel-1.3.29-1.3.100mdk.i586.rpm
e2f7d5da46a5d2e16c84a2696371d189  10.0/RPMS/apache-modules-1.3.29-1.3.100mdk.i586.rpm
42aafb3a8a7a88f0f77d25431b064e59  10.0/RPMS/apache-source-1.3.29-1.3.100mdk.i586.rpm
7aec1cfd1649215c64a103b48ea0e999  10.0/SRPMS/apache-1.3.29-1.3.100mdk.src.rpm

9.2 i586

 175e886ff0c9eece52bea1f261a769be  9.2/RPMS/apache-1.3.28-3.4.92mdk.i586.rpm
b9fe7ecf4e142a9ac62b5d25654b2359  9.2/RPMS/apache-devel-1.3.28-3.4.92mdk.i586.rpm
26f6a86c6da232048d536564f3b77b93  9.2/RPMS/apache-modules-1.3.28-3.4.92mdk.i586.rpm
aaf112d3516184d3db4c6c2199bf6eae  9.2/RPMS/apache-source-1.3.28-3.4.92mdk.i586.rpm
7c7a7c952c51d53d803eee4b3fe5bbfa  9.2/SRPMS/apache-1.3.28-3.4.92mdk.src.rpm

MNF8.2 i586

 afe0f49e0bd816d726c2e5f1579eb0ce  mnf8.2/RPMS/apache-1.3.23-4.5.M82mdk.i586.rpm
d3f3fba0c1c54cf2f3de11c3722901b8  mnf8.2/RPMS/apache-common-1.3.23-4.5.M82mdk.i586.rpm
04fe0084f12e171795aff5016a0da248  mnf8.2/RPMS/apache-modules-1.3.23-4.5.M82mdk.i586.rpm
e13e1435dc81e58010001058a521a6c7  mnf8.2/SRPMS/apache-1.3.23-4.5.M82mdk.src.rpm

CS2.1 i586

 dd2cfbb0ab7b92ae351b19d65a18d5c7  corporate/2.1/RPMS/apache-1.3.26-7.3.C21mdk.i586.rpm
c3edf47b293c026d0c2e33f774a724b2  corporate/2.1/RPMS/apache-common-1.3.26-7.3.C21mdk.i586.rpm
4be8f536da810f6eb1b68d5a50d4acb9  corporate/2.1/RPMS/apache-devel-1.3.26-7.3.C21mdk.i586.rpm
96153a44fa444ef06254cc306e1eb131  corporate/2.1/RPMS/apache-manual-1.3.26-7.3.C21mdk.i586.rpm
a1fa6c40d67306178ad316e93ff5fc90  corporate/2.1/RPMS/apache-modules-1.3.26-7.3.C21mdk.i586.rpm
fd1a28a818d4731dc2b0eb441a724660  corporate/2.1/RPMS/apache-source-1.3.26-7.3.C21mdk.i586.rpm
b376625c753b03c793aa43eacd9aed26  corporate/2.1/SRPMS/apache-1.3.26-7.3.C21mdk.src.rpm

10.1 x86_64

 fab98ae8cd03d1ee56112ba150f59709  x86_64/10.1/RPMS/apache-1.3.31-7.1.101mdk.x86_64.rpm
4b58ca0f66f52301e136bddda3c85e79  x86_64/10.1/RPMS/apache-devel-1.3.31-7.1.101mdk.x86_64.rpm
7aaaaf961b6bc370df2bf65e9c65e5ff  x86_64/10.1/RPMS/apache-modules-1.3.31-7.1.101mdk.x86_64.rpm
7bb6ff6c0142204ec571c2aff2f300cd  x86_64/10.1/RPMS/apache-source-1.3.31-7.1.101mdk.x86_64.rpm
1716a37f5222cee27bebf5e83c0923da  x86_64/10.1/SRPMS/apache-1.3.31-7.1.101mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0940