Apache HTTP Server ap_resolve_env Environment Variable Local Overflow

2004-09-15T12:54:16
ID OSVDB:9991
Type osvdb
Reporter Ulf Härnhammar
Modified 2004-09-15T12:54:16

Description

Vulnerability Description

Apache HTTP Server and IBM HTTP Server contain a flaw that may allow a malicious user to gain unauthorized privileges. The issue is triggered when the function ap_resolve_env() in server/util.c expands environment variable constructs from configuration files such as .htaccess or httpd.conf. To exploit the flaw, an attacker would need to carefully craft malicious configuration files and have write access to the legitimate copies. This flaw may lead to a loss of confidentiality.

Solution Description

Upgrade to version 2.0.51 or higher, or apply the patch from IBM, as it has been reported to fix this vulnerability.

References:

Vendor URL: http://httpd.apache.org/
Vendor URL: http://www.ibm.com/us/
Vendor Specific Solution URL: http://www.apache.org/dist/httpd/patches/apply_to_2.0.50/CAN-2004-0747.patch
Security Tracker: 1011303
Secunia Advisory ID: 13025
Secunia Advisory ID: 13027
Secunia Advisory ID: 12540
Secunia Advisory ID: 12922
Related OSVDB ID: 9994
RedHat RHSA: RHSA-2004:463
Other Advisory URL: http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-3404.txt
Other Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:096
Other Advisory URL: http://www.suse.de/de/security/2004_32_apache2.html
Other Advisory URL: http://www.sitic.se/rad_och_rekommendationer/sa04-002.html
Other Advisory URL: http://security.gentoo.org/glsa/glsa-200409-21.xml
Other Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000868
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0501.html
Keyword: PQ94086
ISS X-Force ID: 17384
CVE-2004-0747