Support / Sécurité / Annonces de sécurité / Corporate Server 1.0.1 / MDKSA-2002:048

Nom du paquet: mod_ssl
Date: 2002-08-08
Advisory ID: MDKSA-2002:048
Affected versions: 8.1 i586 , SNF7.2 i586 , CS1.0 i586 , 8.1 i586 , 8.0 i586 , 8.2 i586 , 8.0 i586 , 8.2 i586 , 7.1 i586 , 7.2 i586

Problem description

Frank Denis discovered an off-by-one error in mod_ssl dealing with the handling of older configuration directorives (the rewrite_command hook). A malicious user could use a specially-crafted .htaccess file to execute arbitrary commands as the apache user or execute a DoS against the apache child processes. This vulnerability is fixed in mod_ssl 2.8.10; patches have been applied to correct this problem in these packages.

Updated packages

8.1 i586

 f55a946cac1b64bf4c9b1952aa9b779a  ia64/8.1/RPMS/mod_ssl-2.8.5-3.1mdk.ia64.rpm
9f28eb3330d357a7bb7e27fb16da757b  ia64/8.1/SRPMS/mod_ssl-2.8.5-3.1mdk.src.rpm

SNF7.2 i586

 b22c66c49703a46c10507da989e72948  snf7.2/RPMS/mod_ssl-2.8.4-5.1mdk.i586.rpm
6bf148ae0fe73cd6874d6c08b711ae10  snf7.2/SRPMS/mod_ssl-2.8.4-5.1mdk.src.rpm

CS1.0 i586

 8f336f83c0ad7ba0f21da3f805839b77  1.0.1/RPMS/mod_ssl-2.8.5-3.1mdk.i586.rpm
9f28eb3330d357a7bb7e27fb16da757b  1.0.1/SRPMS/mod_ssl-2.8.5-3.1mdk.src.rpm

8.1 i586

 7817c09901d4be439fd00bfd4cf9cc1b  8.1/RPMS/mod_ssl-2.8.5-3.1mdk.i586.rpm
9f28eb3330d357a7bb7e27fb16da757b  8.1/SRPMS/mod_ssl-2.8.5-3.1mdk.src.rpm

8.0 i586

 3f8e7d148ea509d27d0e59587ac86602  8.0/RPMS/mod_ssl-2.8.5-3.1mdk.i586.rpm
9f28eb3330d357a7bb7e27fb16da757b  8.0/SRPMS/mod_ssl-2.8.5-3.1mdk.src.rpm

8.2 i586

 406eee7d9607cf40f5cea3376fe38697  8.2/RPMS/mod_ssl-2.8.7-3.1mdk.i586.rpm
9e421423dc9cef30f0a1b04a49ab87da  8.2/SRPMS/mod_ssl-2.8.7-3.1mdk.src.rpm

8.0 i586

 d9e727172d7147dc3ec9140c24fcacff  ppc/8.0/RPMS/mod_ssl-2.8.5-3.1mdk.ppc.rpm
9f28eb3330d357a7bb7e27fb16da757b  ppc/8.0/SRPMS/mod_ssl-2.8.5-3.1mdk.src.rpm

8.2 i586

 01fc7c44707f19136d6f31b75ad754e1  ppc/8.2/RPMS/mod_ssl-2.8.7-3.1mdk.ppc.rpm
9e421423dc9cef30f0a1b04a49ab87da  ppc/8.2/SRPMS/mod_ssl-2.8.7-3.1mdk.src.rpm

7.1 i586

 8f336f83c0ad7ba0f21da3f805839b77  7.1/RPMS/mod_ssl-2.8.5-3.1mdk.i586.rpm
9f28eb3330d357a7bb7e27fb16da757b  7.1/SRPMS/mod_ssl-2.8.5-3.1mdk.src.rpm

7.2 i586

 39ce2c8b476fd8069c8f0fe7aedbef21  7.2/RPMS/mod_ssl-2.8.5-3.1mdk.i586.rpm
9f28eb3330d357a7bb7e27fb16da757b  7.2/SRPMS/mod_ssl-2.8.5-3.1mdk.src.rpm

MDKSA-2002:048

Problem description

Updated packages

8.1 i586

SNF7.2 i586

CS1.0 i586

8.1 i586

8.0 i586

8.2 i586

8.0 i586

8.2 i586

7.1 i586

7.2 i586

References