The Third Party Vulnerability Resolution Blog covers CVEs and patches in Systems product suite.

Sun Alert 101555 Security Vulnerabilities in the Apache Web Server and Apache Modules

Guest Author
Product: Solaris 9 Operating System, Solaris 8 Operating System

A local or remote unprivileged user may be able execute arbitrary code on Solaris 8 or Solaris 9 systems running Apache with privileges of the Apache HTTP process, due to several security vulnerabilities in the Apache Web Server and Apache Web Server modules.

The Apache HTTP process normally runs as the unprivileged uid "nobody" (uid 60001). The ability to execute arbitrary code as the unprivileged uid "nobody" may lead to modified web content, denial of service, or further compromise.

These issues are described at the following sites:

The Change Log for Apache 1.3, at http://www.apache.org/dist/httpd/CHANGES_1.3

CAN-2003-0987: "mod_digest issue" at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0987

CAN-2003-0020: "filtering of data sent to errorlog" at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020

CAN-2004-0174: "possible denial of service" at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0174

CAN-2003-0993: "mod_access on 64-bit platforms" at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0993

CAN-2004-0492: "buffer overflow in mod_proxy" at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0492

Note that Apache 1.3.31 addresses the first four of these five security vulnerabilities. Additional changes were made to address CAN-2004-0492 in Sun's version of Apache 1.3.31.

Avoidance: Patch
State: Resolved
First released: 24-Aug-2004

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.