Mandriva Advisories
Problem Description
[ Please note that this advisory supersedes the previous MDKSA-2002:039
and MDKSA-2002:039-1 advisories. ]

MandrakeSoft is urging all users of Mandrake Linux to update their
Apache installations immediately. What was previously thought to have
been a DoS-only condition has now been proven to be more than that;
exploitable conditions have been discovered on both 32-bit and 64-bit
platforms. Successful exploitation of this vulnerability may lead to
the execution of arbitrary code on the server running a vulnerable
Apache with the permissions of the web server child process (on
Mandrake Linux this is the user "apache"). This can be used to exploit
other vulnerabilities that are unrelated to Apache on the local system,
and potentially allow the intruder root access.

Thanks to Gobbles for proving that this exploitable condition exists.

Because there are known exploits in the wild for some platforms, this
update should be considered essential and should be performed
immediately.

All versions of Apache prior to 1.3.26 and 2.0.37 are vulnerable to
this problem. MandrakeSoft has provided patched versions of Apache to
correct this vulnerability.

Also please note that these packages are no different from those
provided in MDKSA-2002:039-1, so if you have already updated, there are
no new packages to upgrade.
Updated Packages
Mandrakelinux 7.1
Mandrakelinux 7.2
Mandrakelinux 8.0
Mandrakelinux 8.0/PPC
Mandrakelinux 8.1
Mandrakelinux 8.1/IA64
Mandrakelinux 8.2
Mandrakelinux 8.2/PPC
Corporate Server 1.0.1
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0392
http://httpd.apache.org/info/security_bulletin_20020617.txt
http://httpd.apache.org/info/security_bulletin_20020620.txt
http://online.securityfocus.com/news/493
Upgrade
To upgrade automatically, use MandrivaUpdate.
Verification
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.
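
For a manual download, both checks described above can be scripted. The following is an added example, not vendor code: it assumes the advisory's MD5/path pairs were saved to a text file and that the Security Team key is already imported into rpm; the function names and the matching on rpm's result text are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not vendor code. LISTING is a text file of "md5 path" pairs
# saved from the advisory; ROOT is the directory the packages were downloaded to.

# listed_md5 LISTING RELPATH: print the digest paired with RELPATH.
# Tokens are read pairwise, so one pair per line or many per line both work.
# Lookup uses the release-qualified path (e.g. 8.2/RPMS/name.rpm) because one
# file name can be listed under several releases.
listed_md5() {
    awk -v want="$2" '
        { for (i = 1; i <= NF; i++) tok[++n] = $i }
        END {
            for (i = 1; i < n; i += 2)
                if (tok[i + 1] == want && tok[i] ~ /^[0-9a-f]+$/ && length(tok[i]) == 32) {
                    print tok[i]; exit 0
                }
            exit 1
        }' "$1"
}

# file_md5 FILE: print the MD5 digest of FILE.
file_md5() { md5sum < "$1" | awk '{ print $1 }'; }

# verify_pkg LISTING ROOT RELPATH
# returns 0 = digest matches and a signature verified,
#         1 = not listed / missing / digest mismatch, 2 = signature problem
verify_pkg() {
    [ -f "$2/$3" ] || { echo "missing file: $3" >&2; return 1; }
    want=$(listed_md5 "$1" "$3") || { echo "not listed: $3" >&2; return 1; }
    [ "$want" = "$(file_md5 "$2/$3")" ] || { echo "MD5 mismatch: $3" >&2; return 1; }
    # The digest only ties the file to the listing; the GPG signature ties it
    # to the vendor key already imported into rpm.
    out=$(rpm --checksig "$2/$3") || { echo "checksig failed: $3" >&2; return 2; }
    # Assumption: a verified signature shows up as gpg/pgp/signatures in the
    # result text; a digest-only "OK" (unsigned package) is rejected.
    case ${out#"$2/$3":} in
        *gpg*|*pgp*|*signatures*) return 0 ;;
    esac
    echo "no signature reported: $3" >&2
    return 2
}
```

Call it as `verify_pkg listing.txt /path/to/downloads 8.2/RPMS/package.rpm` and install only when it returns 0.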