Alerta de Segurança Debian

DSA-594-1 apache -- estouros de buffer

Data do Alerta:

17 Nov 2004

Pacotes Afetados:

apache

Vulnerável:

Sim

Referência à base de dados de segurança:

No dicionário CVE do Mitre: CVE-2004-0940.

Informações adicionais:

Duas vulnerabilidades foram descobertas no servidor web Apache 1.3:

CAN-2004-0940
"Crazy Einstein" descobriu uma vulnerabilidade no módulo "mod_include", que pode fazer com que o buffer estoure e pode levar à execução de código arbitrário.
SEM ID
Larry Cashdollar descobriu um estouro de buffer em potencial no utilitário htpasswd, que poderia ser explorado quando dados fornecidos pelo usuário são passados para um programa via CGI (ou PHP, ou ePerl, ...).

Para a distribuição estável (woody), estes problemas foram corrigidos na versão 1.3.26-0woody6.

Para a distribuição instável (sid), estes problemas foram corrigidos na versão 1.3.33-2.

Nós recomendamos que você atualize seus pacotes apache.

Corrigido em:

Debian GNU/Linux 3.0 (woody)

Fonte:: http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody6.dsc; http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody6.diff.gz; http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26.orig.tar.gz
Componente independente de arquitetura:: http://security.debian.org/pool/updates/main/a/apache/apache-doc_1.3.26-0woody6_all.deb
Alpha:: http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody6_alpha.deb; http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody6_alpha.deb; http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody6_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody6_arm.deb; http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody6_arm.deb; http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody6_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody6_i386.deb; http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody6_i386.deb; http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody6_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody6_ia64.deb; http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody6_ia64.deb; http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody6_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody6_hppa.deb; http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody6_hppa.deb; http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody6_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody6_m68k.deb; http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody6_m68k.deb; http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody6_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody6_mips.deb; http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody6_mips.deb; http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody6_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody6_mipsel.deb; http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody6_mipsel.deb; http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody6_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody6_powerpc.deb; http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody6_powerpc.deb; http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody6_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody6_s390.deb; http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody6_s390.deb; http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody6_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody6_sparc.deb; http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody6_sparc.deb; http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody6_sparc.deb

Checksums MD5 dos arquivos listados estão disponíveis no alerta original.