Date:      Wed, 1 Feb 2012 13:21:05 -0800
From:      Jason Helfman <jgh@FreeBSD.org>
To:        Chris Rees <crees@freebsd.org>
Cc:        rene@freebsd.org, apache@freebsd.org, secteam@freebsd.org
Subject:   Re: documentation for apache vulnerability, over for approval
Message-ID:  <20120201212105.GG46116@dormouse.experts-exchange.com>
In-Reply-To: <CADLo839YWLa0Cb0GkaGkXY71R35Zw-Ts3m0F=yYN9vHDoM_%2BBg@mail.gmail.com>
References:  <20120201175858.GB46116@dormouse.experts-exchange.com> <CADLo83_jARCGsuayA8%2BE2cDT0Hz_wn9n5bmkbfT0j2Lp2RY3Zw@mail.gmail.com> <20120201195637.GD46116@dormouse.experts-exchange.com> <CADLo839YWLa0Cb0GkaGkXY71R35Zw-Ts3m0F=yYN9vHDoM_%2BBg@mail.gmail.com>


On Wed, Feb 01, 2012 at 08:14:24PM +0000, Chris Rees thus spake:
>On 1 February 2012 19:56, Jason Helfman <jgh@freebsd.org> wrote:
>> On Wed, Feb 01, 2012 at 07:35:41PM +0000, Chris Rees thus spake:
>>
>>> Hm, did you use make newentry? The vulnerability appears before the
>>> <vuxml> tag ;)
>>>
>>> Chris
>>>
>>> On 1 February 2012 17:58, Jason Helfman <jgh@freebsd.org> wrote:
>>>>
>>>> Over for approval.
>>>>
>>>> -jgh
>>>>
>>>> Thanks,
>>>> Jason
>>>>
>>>> --
>>>> Jason Helfman         | FreeBSD Committer
>>>> jgh@FreeBSD.org       | http://people.freebsd.org/~jgh
>>>
>>>
>> gotcha. here is an updated patch.
>> -jgh
>
>Fine by me, as long as it builds and matches the right ports (and
>-apache@ are OK with it)
>
>http://www.freebsd.org/doc/en/books/porters-handbook/security-notify.html#SECURITY-NOTIFY-VUXML-TESTING
>
>Chris
>
Attached is updated patch, and was able to fully verify per the url above.
Range was off => lt 2.2.22

[jhelfman@dormouse /usr/ports/security/vuxml]$ portaudit apache-2.2.21
Affected package: apache-2.2.21
Type of problem: apache -- multiple vulnerabilities.
Reference:
http://www.freebsd.org/ports/portaudit/4b7dbfab-4c6b-11e1-bc16-0023ae8e59f0.html

1 problem(s) found.

[jhelfman@dormouse ~/workspace/ports/security]$ sudo portaudit -f /usr/ports/INDEX-8 -r 4b7dbfab-4c6b-11e1-bc16-0023ae8e59f0
Affected package: apache-2.0.64_2
Type of problem: apache -- multiple vulnerabilities.
Reference:
http://www.freebsd.org/ports/portaudit/4b7dbfab-4c6b-11e1-bc16-0023ae8e59f0.html

Affected package: apache-2.2.21
Type of problem: apache -- multiple vulnerabilities.
Reference:
http://www.freebsd.org/ports/portaudit/4b7dbfab-4c6b-11e1-bc16-0023ae8e59f0.html

-jgh

--
Jason Helfman         | FreeBSD Committer
jgh@FreeBSD.org       | http://people.freebsd.org/~jgh

Content-Disposition: attachment; filename="patch.txt"
Content-Transfer-Encoding: quoted-printable

Index: vuln.xml
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /home/pcvs/ports/security/vuxml/vuln.xml,v
retrieving revision 1.2586
diff -u -r1.2586 vuln.xml
--- vuln.xml	1 Feb 2012 09:46:07 -0000	1.2586
+++ vuln.xml	1 Feb 2012 21:19:16 -0000
@@ -47,6 +47,60 @@
=20
 -->
 <vuxml xmlns=3D"http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid=3D"4b7dbfab-4c6b-11e1-bc16-0023ae8e59f0">
+    <topic>apache -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>apache</name>
+	<range><gt>2.*</gt><lt>2.2.22</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns=3D"http://www.w3.org/1999/xhtml">;
+	<p>CVE Mitre reports:</p>
+	<blockquote cite=3D"http://httpd.apache.org/security/vulnerabilities_22.h=
tml">
+	  <p>Integer overflow in the ap_pregsub function in server/util.c in the
+	    Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, whe=
n the
+	    mod_setenvif module is enabled, allows local users to gain privileges=
 via a
+	    .htaccess file with a crafted SetEnvIf directive, in conjunction with=
 a
+	    crafted HTTP request header, leading to a heap-based buffer overflow.=
</p>
+	  <p>A flaw was found in mod_log_config. If the '%{cookiename}C' log form=
at
+	    string is in use, a remote attacker could send a specific cookie caus=
ing a
+	    crash. This crash would only be a denial of service if using a thread=
ed
+	    MPM.</p>
+	  <p>A flaw was found in the handling of the scoreboard. An unprivileged
+	    child process could cause the parent process to crash at shutdown rat=
her
+	    than terminate cleanly.</p>
+	  <p>An additional exposure was found when using mod_proxy in reverse pro=
xy
+	    mode. In certain configurations using RewriteRule with proxy flag or
+	    ProxyPassMatch, a remote attacker could cause the reverse proxy to co=
nnect
+	    to an arbitrary server, possibly disclosing sensitive information from
+	    internal web servers not directly accessible to attacker.</p>
+	  <p>A flaw was found in the default error response for status code 400. =
This
+	    flaw could be used by an attacker to expose "httpOnly" cookies when no
+	    custom ErrorDocument is specified.</p>
+	  <p>An exposure was found when using mod_proxy in reverse proxy mode. In
+	    certain configurations using RewriteRule with proxy flag or ProxyPass=
Match,
+	    a remote attacker could cause the reverse proxy to connect to an arbi=
trary
+	    server, possibly disclosing sensitive information from internal web s=
ervers
+	    not directly accessible to attacker.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+	   <cvename>CVE-2011-3607</cvename>
+	   <cvename>CVE-2012-0021</cvename>
+	   <cvename>CVE-2012-0031</cvename>
+	   <cvename>CVE-2011-4317</cvename>
+	   <cvename>CVE-2012-0053</cvename>
+	   <cvename>CVE-2011-3368</cvename>
+    </references>
+    <dates>
+      <discovery>2011-10-05</discovery>
+      <entry>2012-01-31</entry>
+    </dates>
+  </vuln>
+
   <vuln vid=3D"0a9e2b72-4cb7-11e1-9146-14dae9ebcf89">
     <topic>mozilla -- multiple vulnerabilities</topic>
     <affects>
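
Review bot: The lead-in "CVE Mitre reports:" does not match the cite attribute on the blockquote that follows it, which points at httpd.apache.org/security/vulnerabilities_22.html; name the source that is actually quoted, or point the cite at the CVE text. That page is also missing from the references block, which lists only cvename entries, so a url entry for it would let readers reach the advisory. Inside the blockquote, the paragraphs beginning "An additional exposure was found when using mod_proxy" and "An exposure was found when using mod_proxy" are identical after the first clause, which leaves it unclear which of CVE-2011-4317 and CVE-2011-3368 each one describes; add a distinguishing phrase or merge them. Two smaller points: the cvename lines are indented with a tab plus three spaces, unlike the rest of the entry, and the entry date 2012-01-31 is earlier than the 1 Feb 2012 timestamps in the diff header, so it is worth confirming it matches the date the entry is actually added.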
