9991 : Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
Printer | http://osvdb.org/9991 | Email This | Edit Vulnerability

Views This Week

Views All Time

Info

Last Modified

8 months ago

Percent Complete

100%

Disclosure

Sep 15, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Apache HTTP Server and IBM HTTP Server contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when function ap_resolve_env() in server/util.c expands environment variable constructs from configuration files such as .htaccess or httpd.conf. For an attacker to exploit the flaw they would need to carefully craft malicious configuration files and have write access to the legitimate copies. This flaw may lead to a loss of confidentiality.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Confidentiality
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 2.0.51 or higher or apply the patch from IBM, as it has been reported to fix this vulnerability.

Products

Apache Software Foundation	HTTP Server	2.0.40
		2.0.42
		2.0.43
		2.0.44
		2.0.45
		2.0.46
		2.0.47
		2.0.35
		2.0.36
		2.0.37
		2.0.39
		2.0.48
		2.0.49
		2.0.50

International Business Machines Corporation	HTTP Server	2.0.47
		2.0.47.1
		2.0.42.2

Hewlett-Packard Development Company, L.P.

Secure Web Server (SWS)

6.3

References

Security Tracker: 1011303
Secunia Advisory ID: 12540 12922 13025 13027
ISS X-Force ID: 17384
CVE ID: 2004-0747 (see also: NVD)
Related OSVDB ID: 9994
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0501.html
Other Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000868
http://security.gentoo.org/glsa/glsa-200409-21.xml
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:096
http://www.sitic.se/rad_och_rekommendationer/sa04-002.html
http://www.suse.de/de/security/2004_32_apache2.html
http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-3404.txt
Vendor URL: http://httpd.apache.org/
http://www.ibm.com/us/
Vendor Specific Advisory URL: http://www-1.ibm.com/support/docview.wss?rs=177&uid=swg24007795
http://www.apacheweek.com/features/security-20
http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBOV01083
http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01090
Vendor Specific Solution URL: http://www.apache.org/dist/httpd/patches/apply_to_2.0.50/CAN-2004-0747.patch
Keyword: PQ94086
RedHat RHSA: RHSA-2004:463

Tools & Filters

Nessus	14731 14736 14748 14752 14766 14807 15898

Credit

Ulf Härnhammar - Swedish IT Incident Centre

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Apache Software Foundation

HTTP Server

International Business Machines Corporation

HTTP Server

Hewlett-Packard Development Company, L.P.

Secure Web Server (SWS)

References

Tools & Filters

Credit

Blogs

Comments