Vulnerability Bulletins |
Vulnerability in Apache 1.3 on 64-bit big-endian platforms |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Increased visibility |
Difficulty | Beginner |
Required attacker level | Remote access without an account to a standard service |
System information |
|
Property | Value |
Affected manufacturer | GNU/Linux |
Affected software | Apache 1.3 httpd < 1.3.31 |
Description |
|
A design error has been discovered in versions of Apache 1.3 prior to 1.3.31 running on 64-bit big-endian platforms. The vulnerability lies in the incorrect parsing of Allow/Deny directives when IP addresses are used without a netmask. Exploiting this vulnerability could allow a remote attacker to bypass the restrictions imposed by these directives.
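An added example, not part of the original bulletin: a Python audit helper that lists the `Allow from` / `Deny from` entries written as IP addresses without a netmask, the rule form the description identifies as incorrectly parsed. The sample configuration and the names `find_maskless_rules` and `with_explicit_mask` are constructed for illustration.

```python
import ipaddress
import re

# Matches mod_access "Allow from ..." / "Deny from ..." lines (case-insensitive).
DIRECTIVE = re.compile(r"^\s*(allow|deny)\s+from\s+(.*)$", re.IGNORECASE)
# Full or partial dotted IPv4 address with no "/mask" part, e.g. 10.1.2.3 or 10.1
BARE_IP = re.compile(r"^\d{1,3}(\.\d{1,3}){0,3}\.?$")

# Constructed sample configuration, not taken from the bulletin.
SAMPLE_CONF = """\
# constructed sample
<Directory /var/www/admin>
    Order deny,allow
    Deny from all
    Allow from 192.0.2.10 10.1 198.51.100.0/24
    Allow from 203.0.113.0/255.255.255.0 intranet.example.org
</Directory>
"""


def find_maskless_rules(config_text):
    """Return (line_no, directive, address) for each Allow/Deny IP lacking a netmask."""
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        if raw.lstrip().startswith("#"):
            continue  # comment line
        match = DIRECTIVE.match(raw)
        if not match:
            continue
        directive = match.group(1).capitalize()
        for token in match.group(2).split():
            if "/" in token:
                continue  # network/netmask or CIDR form, not the affected syntax
            if BARE_IP.match(token) and all(
                    int(octet) <= 255 for octet in token.strip(".").split(".")):
                findings.append((line_no, directive, token))
    return findings


def with_explicit_mask(address):
    """Express a bare (possibly partial) address as the CIDR range it stands for."""
    octets = address.strip(".").split(".")
    padded = octets + ["0"] * (4 - len(octets))
    return str(ipaddress.ip_network("%s/%d" % (".".join(padded), 8 * len(octets))))


if __name__ == "__main__":
    for line_no, directive, address in find_maskless_rules(SAMPLE_CONF):
        print("line %d: %s from %s  (covers %s)"
              % (line_no, directive, address, with_explicit_mask(address)))
```

The CIDR form is printed only to show which range each flagged rule is meant to cover, so the access controls that depend on it can be reviewed on affected hosts.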
Solution |
|
Software update

Apache
  Apache httpd 1.3.31
    http://httpd.apache.org/download.cgi

OpenBSD
  OpenBSD 3.3
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/019_httpd2.patch
  OpenBSD 3.4
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/014_httpd2.patch

Mandrake Linux
  Mandrake Linux 9.1
    i386
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/apache-1.3.27-8.2.91mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/apache-devel-1.3.27-8.2.91mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/apache-modules-1.3.27-8.2.91mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/apache-source-1.3.27-8.2.91mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/SRPMS/apache-1.3.27-8.2.91mdk.src.rpm
    PPC
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/apache-1.3.27-8.2.91mdk.ppc.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/apache-devel-1.3.27-8.2.91mdk.ppc.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/apache-modules-1.3.27-8.2.91mdk.ppc.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/apache-source-1.3.27-8.2.91mdk.ppc.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/SRPMS/apache-1.3.27-8.2.91mdk.src.rpm
  Mandrake Linux 9.2
    i386
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache-1.3.28-3.2.92mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache-devel-1.3.28-3.2.92mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache-modules-1.3.28-3.2.92mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache-source-1.3.28-3.2.92mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/SRPMS/apache-1.3.28-3.2.92mdk.src.rpm
    AMD64
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache-1.3.28-3.2.92mdk.amd64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache-devel-1.3.28-3.2.92mdk.amd64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache-modules-1.3.28-3.2.92mdk.amd64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache-source-1.3.28-3.2.92mdk.amd64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/SRPMS/apache-1.3.28-3.2.92mdk.src.rpm
  Mandrake Multi Network Firewall 8.2
    i386
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf8.2/RPMS/apache-1.3.23-4.4.M82mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf8.2/RPMS/apache-common-1.3.23-4.4.M82mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf8.2/RPMS/apache-modules-1.3.23-4.4.M82mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf8.2/SRPMS/apache-1.3.23-4.4.M82mdk.src.rpm
  Mandrake Corporate Server 2.1
    i386
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/apache-1.3.26-7.1.C21mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/apache-common-1.3.26-7.1.C21mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/apache-devel-1.3.26-7.1.C21mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/apache-manual-1.3.26-7.1.C21mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/apache-modules-1.3.26-7.1.C21mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/apache-source-1.3.26-7.1.C21mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/apache-1.3.26-7.1.C21mdk.src.rpm
    x86_64
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/apache-1.3.26-7.1.C21mdk.x86_64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/apache-common-1.3.26-7.1.C21mdk.x86_64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/apache-devel-1.3.26-7.1.C21mdk.x86_64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/apache-manual-1.3.26-7.1.C21mdk.x86_64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/apache-modules-1.3.26-7.1.C21mdk.x86_64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/apache-source-1.3.26-7.1.C21mdk.x86_64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/apache-1.3.26-7.1.C21mdk.src.rpm
  Mandrakelinux 10.0
    i386
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache-1.3.29-1.1.100mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache-devel-1.3.29-1.1.100mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache-modules-1.3.29-1.1.100mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache-source-1.3.29-1.1.100mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/apache-1.3.29-1.1.100mdk.src.rpm

Mandrake Linux (apache-mod_perl)
  Mandrakelinux 9.1
    i386
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/HTML-Embperl-1.3.27_1.3.4-7.1.91mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/apache-mod_perl-1.3.27_1.27-7.1.91mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/mod_perl-common-1.3.27_1.27-7.1.91mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/mod_perl-devel-1.3.27_1.27-7.1.91mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/SRPMS/apache-mod_perl-1.3.27_1.27-7.1.91mdk.src.rpm
    PPC
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/HTML-Embperl-1.3.27_1.3.4-7.1.91mdk.ppc.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/apache-mod_perl-1.3.27_1.27-7.1.91mdk.ppc.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/mod_perl-common-1.3.27_1.27-7.1.91mdk.ppc.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/mod_perl-devel-1.3.27_1.27-7.1.91mdk.ppc.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/SRPMS/apache-mod_perl-1.3.27_1.27-7.1.91mdk.src.rpm
  Mandrakelinux 9.2
    i386
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/HTML-Embperl-1.3.28_1.3.4-1.1.92mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache-mod_perl-1.3.28_1.28-1.1.92mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/mod_perl-common-1.3.28_1.28-1.1.92mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/mod_perl-devel-1.3.28_1.28-1.1.92mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/SRPMS/apache-mod_perl-1.3.28_1.28-1.1.92mdk.src.rpm
    AMD64
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/HTML-Embperl-1.3.28_1.3.4-1.1.92mdk.amd64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache-mod_perl-1.3.28_1.28-1.1.92mdk.amd64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/mod_perl-common-1.3.28_1.28-1.1.92mdk.amd64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/mod_perl-devel-1.3.28_1.28-1.1.92mdk.amd64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/SRPMS/apache-mod_perl-1.3.28_1.28-1.1.92mdk.src.rpm
  Mandrakelinux 10.0
    i386
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/HTML-Embperl-1.3.29_1.3.6-3.1.100mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache-mod_perl-1.3.29_1.29-3.1.100mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/mod_perl-common-1.3.29_1.29-3.1.100mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/mod_perl-devel-1.3.29_1.29-3.1.100mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/apache-mod_perl-1.3.29_1.29-3.1.100mdk.src.rpm
    AMD64
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/HTML-Embperl-1.3.29_1.3.6-3.1.100mdk.amd64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache-mod_perl-1.3.29_1.29-3.1.100mdk.amd64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/mod_perl-common-1.3.29_1.29-3.1.100mdk.amd64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/mod_perl-devel-1.3.29_1.29-3.1.100mdk.amd64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/apache-mod_perl-1.3.29_1.29-3.1.100mdk.src.rpm
  Corporate Server 2.1
    i386
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/HTML-Embperl-1.3.26_1.3.4-7.1.C21mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/apache-mod_perl-1.3.26_1.27-7.1.C21mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/mod_perl-common-1.3.26_1.27-7.1.C21mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/mod_perl-devel-1.3.26_1.27-7.1.C21mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/apache-mod_perl-1.3.26_1.27-7.1.C21mdk.src.rpm
    X86_64
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/HTML-Embperl-1.3.26_1.3.4-7.1.C21mdk.x86_64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/apache-mod_perl-1.3.26_1.27-7.1.C21mdk.x86_64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/mod_perl-common-1.3.26_1.27-7.1.C21mdk.x86_64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/mod_perl-devel-1.3.26_1.27-7.1.C21mdk.x86_64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/apache-mod_perl-1.3.26_1.27-7.1.C21mdk.src.rpm

HP-UX B.11.04
  Virtualvault A.04.70: install patches PHSS_30944 (Virtualvault 4.7 IWS update) and PHSS_31058 (Virtualvault 4.7 OWS update)
  Virtualvault A.04.60: install patches PHSS_30946 (Virtualvault 4.6 IWS update) and PHSS_31057 (Virtualvault 4.6 OWS update)
  Virtualvault A.04.50: install patches PHSS_30647 (Virtualvault 4.5 IWS update) and PHSS_30648 (Virtualvault 4.5 OWS update)
  Webproxy A.02.10: install patch PHSS_30950 (Webproxy server 2.1 update)
  Webproxy A.02.00: install patch PHSS_30949 (Webproxy server 2.0 update)
  http://software.hp.com

Sun
  Solaris 9
    SPARC
      http://sunsolve.sun.com/search/document.do?assetkey=1-21-113146-05-1
    x86
      http://sunsolve.sun.com/search/document.do?assetkey=1-21-114145-04-1
  Solaris 8
    SPARC
      http://sunsolve.sun.com/search/document.do?assetkey=1-21-116973-01-1
    x86
      http://sunsolve.sun.com/search/document.do?assetkey=1-21-116974-01-1

SUN
  SPARC Platform
    Solaris 8 with patch 116973-02 or later
  x86 Platform
    Solaris 8 with patch 116974-02 or later
  SPARC Platform
    Solaris 8 with patch 116973-02 or later
    Solaris 9 with patch 113146-05 or later
  x86 Platform
    Solaris 8 with patch 116974-02 or later
    Solaris 9 with patch 114145-04 or later
|
Standard resources |
|
Property | Value |
CVE | CAN-2003-0993 |
BID | |
Other resources |
|
Apache Security
  http://www.apacheweek.com/features/security-13
OpenBSD Security Advisory
  http://www.openbsd.org/security.html
MandrakeSoft Security Advisory MDKSA-2004:046
  http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:046
Mandrakesoft Security Advisory MDKSA-2004:046-1
  http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:046-1
HP Security Bulletin HPSBUX01069
  http://www5.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01069
Sun(sm) Alert Notification 57628
  http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1
Sun Alert Notification (101841)
  http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1&searchclause=%22category:security%22%20%22availability,%20security%22%20category:security
Sun Alert Notification (101555)
  http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1&searchclause=%22category:security%22%20%22availability,%20security%22%20category:security
Version history |
||
Version | Comments | Date |
1.0 | Advisory issued | 2004-03-10 |
1.1 | Apache 1.3.31 available | 2004-05-14 |
1.2 | Advisory issued by Mandrake (MDKSA-2004:046) | 2004-05-18 |
1.3 | Advisory issued by Mandrake (MDKSA-2004:046-1) | 2004-05-21 |
1.4 | Advisory issued by HP (HPSBUX01069) | 2004-08-13 |
1.5 | Advisory issued by Sun (57628) | 2004-09-09 |
1.6 | Advisory updated by Sun (57628) | 2004-10-13 |
1.7 | Advisory updated by SUN (101841) | 2005-08-12 |
1.8 | Advisory updated by SUN (101555) | 2005-08-19 |