From owner-freebsd-apache@FreeBSD.ORG Wed Feb 1 17:59:54 2012 Return-Path: Delivered-To: apache@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0CB15106566B; Wed, 1 Feb 2012 17:59:54 +0000 (UTC) (envelope-from bsd-src@helfman.org) Received: from mail-pz0-f44.google.com (mail-pz0-f44.google.com [209.85.210.44]) by mx1.freebsd.org (Postfix) with ESMTP id C7F248FC0C; Wed, 1 Feb 2012 17:59:53 +0000 (UTC) Received: by dakl33 with SMTP id l33so2216437dak.17 for ; Wed, 01 Feb 2012 09:59:53 -0800 (PST) Received: by 10.68.189.65 with SMTP id gg1mr61091198pbc.66.1328119193293; Wed, 01 Feb 2012 09:59:53 -0800 (PST) Received: from dormouse.experts-exchange.com ([72.29.164.238]) by mx.google.com with ESMTPS id c5sm64850255pbq.13.2012.02.01.09.59.52 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 01 Feb 2012 09:59:52 -0800 (PST) Sender: Jason Helfman Date: Wed, 1 Feb 2012 09:58:58 -0800 From: Jason Helfman To: rene@freebsd.org Message-ID: <20120201175858.GB46116@dormouse.experts-exchange.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="aVD9QWMuhilNxW9f" Content-Disposition: inline X-Operating-System: FreeBSD 8.2-RELEASE amd64 Organization: The FreeBSD Project, http://www.freebsd.org X-Living-The-Dream: I love the SLO Life! X-PGP-FingerPrint: 8E0D C457 9A0F C91C 23F3 0454 2059 9A63 4150 D3DC X-PGP-Key: http://people.freebsd.org/~jgh/jgh.asc User-Agent: Mutt/1.5.21 (2010-09-15) Cc: crees@freebsd.org, apache@freebsd.org Subject: documentation for apache vulnerability, over for approval X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Feb 2012 17:59:54 -0000 --aVD9QWMuhilNxW9f Content-Type: multipart/mixed; boundary="k1lZvvs/B4yU6o8G" Content-Disposition: inline --k1lZvvs/B4yU6o8G Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Over for approval. -jgh Thanks, Jason --=20 Jason Helfman | FreeBSD Committer jgh@FreeBSD.org | http://people.freebsd.org/~jgh --k1lZvvs/B4yU6o8G Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="vuln.xml.patch.txt" Content-Transfer-Encoding: quoted-printable ? vuln.xml.patch.txt ? files/test Index: vuln.xml =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/pcvs/ports/security/vuxml/vuln.xml,v retrieving revision 1.2585 diff -u -r1.2585 vuln.xml --- vuln.xml 31 Jan 2012 13:34:00 -0000 1.2585 +++ vuln.xml 1 Feb 2012 00:53:25 -0000 @@ -46,6 +46,60 @@ Note: Please add new entries to the beginning of this file. =20 --> + + apache -- multiple vulnerabilities + + + apache + 2.*2.2.21 + + + + +

CVE Mitre reports:

+
+

Integer overflow in the ap_pregsub function in server/util.c in the + Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, whe= n the + mod_setenvif module is enabled, allows local users to gain privileges= via a + .htaccess file with a crafted SetEnvIf directive, in conjunction with= a + crafted HTTP request header, leading to a heap-based buffer overflow.=

+

A flaw was found in mod_log_config. If the '%{cookiename}C' log form= at + string is in use, a remote attacker could send a specific cookie caus= ing a + crash. This crash would only be a denial of service if using a thread= ed + MPM.

+

A flaw was found in the handling of the scoreboard. An unprivileged + child process could cause the parent process to crash at shutdown rat= her + than terminate cleanly.

+

An additional exposure was found when using mod_proxy in reverse pro= xy + mode. In certain configurations using RewriteRule with proxy flag or + ProxyPassMatch, a remote attacker could cause the reverse proxy to co= nnect + to an arbitrary server, possibly disclosing sensitive information from + internal web servers not directly accessible to attacker.

+

A flaw was found in the default error response for status code 400. = This + flaw could be used by an attacker to expose "httpOnly" cookies when no + custom ErrorDocument is specified.

+

An exposure was found when using mod_proxy in reverse proxy mode. In + certain configurations using RewriteRule with proxy flag or ProxyPass= Match, + a remote attacker could cause the reverse proxy to connect to an arbi= trary + server, possibly disclosing sensitive information from internal web s= ervers + not directly accessible to attacker.

+
+ + + + CVE-2011-3607 + CVE-2012-0021 + CVE-2012-0031 + CVE-2011-4317 + CVE-2012-0053 + CVE-2011-3368 + + + 2011-10-05 + 2012-01-31 + + + sudo -- format string vulnerability --k1lZvvs/B4yU6o8G-- --aVD9QWMuhilNxW9f Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) iQEcBAEBAgAGBQJPKX1iAAoJECBZmmNBUNPcmCwH/3e5pQYU443tSdnN9vasgH54 TDusH3iUkfWsBcUqAQ98ELgBjX/HO8oHwt2wDEDy91qBvSNQtJsE7T2qNZf0Erbs 51gOyrNyoKwcqiqUsUQ0mSrbLvCSMsGGtE0EbO5EcEQv43KpqQfiITIHpo13yspY 7imY/9A5gLkzJ2KEw5DAH03Kxp006NpFN2Y3RQJWidtygi1eMsxx5jzQej8TM/qI b+7b8XHwXGEgwV383Wl1w0A2DMKbOQStsxuwnsdG5xiJrwhRPnvyOBayRZBXyRif JY7f+O4VSxnUxuym7+sDKcjXreorrI1WupjAQMiQMRth1TuljBNHhr43kjtSBX8= =IE0b -----END PGP SIGNATURE----- --aVD9QWMuhilNxW9f--