Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/metadata/glsa/glsa-200405-22.xml
diff options
context:
space:
mode:
Diffstat (limited to 'metadata/glsa/glsa-200405-22.xml')
-rw-r--r--metadata/glsa/glsa-200405-22.xml82
1 files changed, 82 insertions, 0 deletions
diff --git a/metadata/glsa/glsa-200405-22.xml b/metadata/glsa/glsa-200405-22.xml
new file mode 100644
index 000000000000..ffe51487bbdb
--- /dev/null
+++ b/metadata/glsa/glsa-200405-22.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200405-22">
+ <title>Apache 1.3: Multiple vulnerabilities</title>
+ <synopsis>
+ Several security vulnerabilities have been fixed in the latest release of
+ Apache 1.3.
+ </synopsis>
+ <product type="ebuild">Apache</product>
+ <announced>2004-05-26</announced>
+ <revised>2007-12-30: 02</revised>
+ <bug>51815</bug>
+ <access>remote </access>
+ <affected>
+ <package name="www-servers/apache" auto="yes" arch="*">
+ <unaffected range="ge">1.3.31</unaffected>
+ <vulnerable range="lt">1.3.31</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>
+ The Apache HTTP Server Project is an effort to develop and maintain an
+ open-source HTTP server for modern operating systems. The goal of this
+ project is to provide a secure, efficient and extensible server that
+ provides services in tune with the current HTTP standards.
+ </p>
+ </background>
+ <description>
+ <p>
+ On 64-bit big-endian platforms, mod_access does not properly parse
+ Allow/Deny rules using IP addresses without a netmask which could result in
+ failure to match certain IP addresses.
+ </p>
+ <p>
+ Terminal escape sequences are not filtered from error logs. This could be
+ used by an attacker to insert escape sequences into a terminal emulater
+ vulnerable to escape sequences.
+ </p>
+ <p>
+ mod_digest does not properly verify the nonce of a client response by using
+ a AuthNonce secret. This could permit an attacker to replay the response of
+ another website. This does not affect mod_auth_digest.
+ </p>
+ <p>
+ On certain platforms there is a starvation issue where listening sockets
+ fails to handle short-lived connection on a rarely-accessed listening
+ socket. This causes the child to hold the accept mutex and block out new
+ connections until another connection arrives on the same rarely-accessed
+ listening socket thus leading to a denial of service.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>
+ These vulnerabilities could lead to attackers bypassing intended access
+ restrictions, denial of service, and possibly execution of arbitrary code.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ There is no known workaround at this time.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ All users should upgrade to the latest stable version of Apache 1.3.
+ </p>
+ <code>
+ # emerge sync
+
+ # emerge -pv "&gt;=www-servers/apache-1.3.31"
+ # emerge "&gt;=www-servers/apache-1.3.31"</code>
+ </resolution>
+ <references>
+ <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0993">CAN-2003-0993</uri>
+ <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020">CAN-2003-0020</uri>
+ <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0987">CAN-2003-0987</uri>
+ <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0174">CAN-2004-0174</uri>
+ </references>
+ <metadata tag="submitter">
+ jaervosz
+ </metadata>
+</glsa>