Skip to navigation

Security Advisory apache, mod_ssl, php security update for Stronghold

Advisory: RHSA-2002:248-05
Type: Security Advisory
Severity: Important
Issued on: 2002-11-07
Last updated on: 2002-11-05
Affected Products: Red Hat Stronghold for Enterprise Linux
CVEs (cve.mitre.org): CVE-2002-0839
CVE-2002-0840
CVE-2002-0843
CVE-2002-0985
CVE-2002-0986
CVE-2002-1157

Details

Updated versions of the Apache HTTP server, PHP, and mod_ssl are now
available which close possible buffer overflows in the Apache HTTP server
benchmarking tool, fixes two cross-site scripting vulnerabilities in the
error pages, and fix possible local privilege escalation. These updates
also fix vulnerabilities in the PHP mail() function that allows script
authors to bypass safe mode restrictions, and possibly allow remote
attackers to insert arbitrary mail headers and content into messages.

The Apache HTTP server is a powerful, full-featured, efficient, and
freely-available Web server. PHP is an HTML-embedded scripting language
commonly used with the Apache HTTP server.

Buffer overflows in the ApacheBench support program (ab.c) in Apache
versions prior to 1.3.27, allow a malicious Web server to cause a denial of
service and possibly execute arbitrary code via a long response. The
Common Vulnerabilities and Exposures project has assigned the name
CAN-2002-0843 to this issue.

Two cross-site scripting vulnerabilities are present in the error pages
for the default "404 Not Found" error, and for the error response when a
plain HTTP request is received on an SSL port. Both of these issues are
only exploitable if the "UseCanonicalName" setting has been changed to
"Off", and wildcard DNS is in use, and would allow remote attackers
to execute scripts as other Web page visitors, for instance, to steal
cookies. These issues affect Apache versions 1.3 to 1.3.26,
and mod_ssl versions before 2.8.12. The Common Vulnerabilities and
Exposures project has assigned the names CAN-2002-0840 and
CAN-2002-1157 to these issues.

The shared memory scoreboard in the HTTP daemon for Apache 1.3.x, prior to
version 1.3.27, allowed a user running as the web server user to send a
SIGUSR1 signal to any process as root, resulting in a denial of service
(process kill) or other such behavior that would not normally be allowed.
The Common Vulnerabilities and Exposures project has assigned the name
CAN-2002-839 to this issue.

The mail function in PHP 4.x to 4.2.2 may allow local script authors to
bypass safe mode restrictions and modify command line arguments to the
MTA (such as Sendmail) in the fifth argument to mail(), altering MTA
behavior and possibly executing arbitrary local commands. The Common
Vulnerabilities and Exposures project has assigned the name CAN-2002-0985
to this issue.

The mail function in PHP 4.x to 4.2.2 does not filter ASCII control
characters from its arguments, which could allow remote attackers to
modify mail message content, including mail headers, and possibly use
PHP as a "spam proxy". The Common Vulnerabilities and Exposures project has
assigned the name CAN-2002-0986 to this issue.

Stronghold 4 contains Apache 1.3.22, mod_ssl 2.8.7, and PHP 4.1.2, and
is therefore vulnerable to these issues. Users of Stronghold are advised to
patch or upgrade their servers.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Stronghold for Enterprise Linux

SRPMS:
stronghold-apache-1.3.22-20.src.rpm
File outdated by:  RHSA-2006:0692
    MD5: 5408526ae312a23156cf863b4259584c
stronghold-mod_ssl-2.8.7-5.src.rpm
File outdated by:  RHSA-2005:816
    MD5: f7c5fc4bf50ab4bce89e6a3d1e9984dd
stronghold-php-4.1.2-5.src.rpm
File outdated by:  RHSA-2007:0163
    MD5: 072a3930cd1e79976479b991cb543883
 
IA-32:
stronghold-apache-1.3.22-20.i386.rpm
File outdated by:  RHSA-2006:0692
    MD5: 03a9374820ddc0e6c9bd18306cf38c8d
stronghold-apache-devel-1.3.22-20.i386.rpm
File outdated by:  RHSA-2006:0692
    MD5: 0e18e4c7c3b26b12a6f8907e2130e3ab
stronghold-apache-manual-1.3.22-20.i386.rpm
File outdated by:  RHSA-2006:0692
    MD5: fb5c698104fa10c3975d0315b13dae7b
stronghold-mod_ssl-2.8.7-5.i386.rpm
File outdated by:  RHSA-2005:816
    MD5: 2d87c146d809c5201d4cfe49283f2fd2
stronghold-php-4.1.2-5.i386.rpm
File outdated by:  RHSA-2007:0163
    MD5: 5b3370b8e2713ab7b5db137a587838bc
stronghold-php-devel-4.1.2-5.i386.rpm
File outdated by:  RHSA-2007:0163
    MD5: d3f3848dc1c42fc092f0528b2d84e418
stronghold-php-imap-4.1.2-5.i386.rpm
File outdated by:  RHSA-2007:0163
    MD5: f8c944ff8c64efc416ef9754a4afcab1
stronghold-php-ldap-4.1.2-5.i386.rpm
File outdated by:  RHSA-2007:0163
    MD5: 1aa86e8153db6e8fee058224f097a31e
stronghold-php-manual-4.1.2-5.i386.rpm
File outdated by:  RHSA-2007:0163
    MD5: a8dbeb5dbaa793a0e292f68f9017bf2b
stronghold-php-mysql-4.1.2-5.i386.rpm
File outdated by:  RHSA-2007:0163
    MD5: 83fbe6c99cf0162070acac923913a19c
stronghold-php-odbc-4.1.2-5.i386.rpm
File outdated by:  RHSA-2007:0163
    MD5: a76b63d5648ab3143f76d9368d35b722
stronghold-php-pgsql-4.1.2-5.i386.rpm
File outdated by:  RHSA-2007:0163
    MD5: 44b6fc21ab9761f942ac372a64aa214f
stronghold-php-snmp-4.1.2-5.i386.rpm
File outdated by:  RHSA-2007:0163
    MD5: 289f8d94f1226e649adfb1b70aa1f4eb
 

References


Keywords

ab, apache, mode, mod_ssl, php, safe, scoreboard, xss


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/