int(1369)

Vulnerability Bulletins


Vulnerabilidad en mod_python

Vulnerability classification

Property Value
Confidence level Oficial
Impact Aumento de la visibilidad
Dificulty Experto
Required attacker level Acceso remoto sin cuenta a un servicio estandar

System information

Property Value
Affected manufacturer GNU/Linux
Affected software mod_python

Description

Se ha descubierto una vulnerabilidad en el módulo para Apache mod_python. La vulnerabilidad reside en el manejador de publicación que sirve para poder llamar a los objetos de un módulo mediante una URL.

La explotación de esta vulnerabilidad podría permitir a un atacante remoto obtener acceso a objetos que no deberían ser visibles mediante el uso de URLs especialmente diseñadas.

Solution



Actualización de software

Red Hat Linux

Red Hat Desktop (v. 3)
SRPMS
mod_python-3.0.3-5.ent.src.rpm
IA-32
mod_python-3.0.3-5.ent.i386.rpm
x86_64
mod_python-3.0.3-5.ent.x86_64.rpm
https://rhn.redhat.com/

Red Hat Enterprise Linux AS (v. 2.1)
SRPMS
mod_python-2.7.8-3.1.src.rpm
IA-32
mod_python-2.7.8-3.1.i386.rpm
IA-64
mod_python-2.7.8-3.1.ia64.rpm
https://rhn.redhat.com/

Red Hat Enterprise Linux AS (v. 3)
SRPMS
mod_python-3.0.3-5.ent.src.rpm
IA-32
mod_python-3.0.3-5.ent.i386.rpm
IA-64
mod_python-3.0.3-5.ent.ia64.rpm
PPC
mod_python-3.0.3-5.ent.ppc.rpm
s390
mod_python-3.0.3-5.ent.s390.rpm
s390x
mod_python-3.0.3-5.ent.s390x.rpm
x86_64
mod_python-3.0.3-5.ent.x86_64.rpm
https://rhn.redhat.com/

Red Hat Enterprise Linux ES (v. 2.1)
SRPMS
mod_python-2.7.8-3.1.src.rpm
IA-32
mod_python-2.7.8-3.1.i386.rpm
https://rhn.redhat.com/

Red Hat Enterprise Linux ES (v. 3)
SRPMS
mod_python-3.0.3-5.ent.src.rpm
IA-32
mod_python-3.0.3-5.ent.i386.rpm
IA-64
mod_python-3.0.3-5.ent.ia64.rpm
x86_64
mod_python-3.0.3-5.ent.x86_64.rpm
https://rhn.redhat.com/

Red Hat Enterprise Linux WS (v. 2.1)
SRPMS
mod_python-2.7.8-3.1.src.rpm
IA-32
mod_python-2.7.8-3.1.i386.rpm
https://rhn.redhat.com/

Red Hat Enterprise Linux WS (v. 3)
SRPMS
mod_python-3.0.3-5.ent.src.rpm
IA-32
mod_python-3.0.3-5.ent.i386.rpm
IA-64
mod_python-3.0.3-5.ent.ia64.rpm
x86_64
mod_python-3.0.3-5.ent.x86_64.rpm
https://rhn.redhat.com/

Red Hat Linux Advanced Workstation 2.1 Itanium Processor
SRPMS
mod_python-2.7.8-3.1.src.rpm
IA-64
mod_python-2.7.8-3.1.ia64.rpm
https://rhn.redhat.com/

Red Hat Linux
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
https://rhn.redhat.com/

Debian Linux

Debian Linux 3.0
Source
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5.dsc
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5.diff.gz
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8.orig.tar.gz
Alpha
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_alpha.deb
ARM
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_arm.deb
Intel IA-32
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_i386.deb
Intel IA-64
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_ia64.deb
HP Precision
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_hppa.deb
Motorola 680x0
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_m68k.deb
Big endian MIPS
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_mips.deb
Little endian MIPS
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_mipsel.deb
PowerPC
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_powerpc.deb
IBM S/390
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_s390.deb
Sun Sparc
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_sparc.deb

Standar resources

Property Value
CVE CAN-2005-0088
BID

Other resources

Red Hat Security Advisory RHSA-2005:104-03
https://rhn.redhat.com/errata/RHSA-2005-104.html

Red Hat Security Advisory RHSA-2005:100-04
https://rhn.redhat.com/errata/RHSA-2005-100.html

Debian Security Advisory DSA 689-1
http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00068.html

Version history

Version Comments Date
1.0 Aviso emitido 2005-02-11
1.1 Aviso emitido por Red Hat (RHSA-2005:100-04) 2005-02-16
1.2 Aviso emitido por Debian (DSA 689-1) 2005-02-23
Ministerio de Defensa
CNI
CCN
CCN-CERT