Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:4095
HistoryFeb 18, 2003 - 12:00 a.m.

Security Update: [CSSA-2003-007.0] Linux: Apache mod_dav module format string vulnerability

2003-02-1800:00:00
vulners.com
5
JSON

To: [email protected] [email protected] [email protected]
[email protected]

                    SCO Security Advisory

Subject: Linux: Apache mod_dav module format string vulnerability
Advisory number: CSSA-2003-007.0
Issue date: 2003 February 17
Cross reference:

  1. Problem Description

     The Apache mod_dav module contains a format string vulnerability
 in the "ap_log_rerror()" function.

  2. Vulnerable Supported Versions

     System                          Package
 ----------------------------------------------------------------------

 OpenLinux 3.1.1 Server          prior to mod_dav-1.0.2_1.3.6-3.i386.rpm
                                 prior to mod_dav-devel-1.0.2_1.3.6-3.i386.rpm

 OpenLinux 3.1.1 Workstation     prior to mod_dav-1.0.2_1.3.6-3.i386.rpm
                                 prior to mod_dav-devel-1.0.2_1.3.6-3.i386.rpm

 OpenLinux 3.1 Server            prior to mod_dav-1.0.2_1.3.6-3.i386.rpm
                                 prior to mod_dav-devel-1.0.2_1.3.6-3.i386.rpm

 OpenLinux 3.1 Workstation       prior to mod_dav-1.0.2_1.3.6-3.i386.rpm
                                 prior to mod_dav-devel-1.0.2_1.3.6-3.i386.rpm

  3. Solution

     The proper solution is to install the latest packages. Many
 customers find it easier to use the Caldera System Updater, called
 cupdate (or kcupdate under the KDE environment), to update these
 packages rather than downloading and installing them by hand.

  4. OpenLinux 3.1.1 Server

     4.1 Package Location

 ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-007.0/RPMS

 4.2 Packages

 bcb45e6cffe4b274dd2363b6880a9164        mod_dav-1.0.2_1.3.6-3.i386.rpm
 ef8f5066aa46ee037f69550b8438a322        mod_dav-devel-1.0.2_1.3.6-3.i386.rpm

 4.3 Installation

 rpm -Fvh mod_dav-1.0.2_1.3.6-3.i386.rpm
 rpm -Fvh mod_dav-devel-1.0.2_1.3.6-3.i386.rpm

 4.4 Source Package Location

 ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-007.0/SRPMS

 4.5 Source Packages

 d28984d21aca280a74588b98459a9e4e        mod_dav-1.0.2_1.3.6-3.src.rpm

  5. OpenLinux 3.1.1 Workstation

     5.1 Package Location

 ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-007.0/RPMS

 5.2 Packages

 ddace8089a1a4eea49db6b86b10ad38f        mod_dav-1.0.2_1.3.6-3.i386.rpm
 83d069194ae139ea7e967fcfb6679db1        mod_dav-devel-1.0.2_1.3.6-3.i386.rpm

 5.3 Installation

 rpm -Fvh mod_dav-1.0.2_1.3.6-3.i386.rpm
 rpm -Fvh mod_dav-devel-1.0.2_1.3.6-3.i386.rpm

 5.4 Source Package Location

 ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-007.0/SRPMS

 5.5 Source Packages

 fa28668cc98cac3ad22eee23e77c2693        mod_dav-1.0.2_1.3.6-3.src.rpm

  6. OpenLinux 3.1 Server

     6.1 Package Location

 ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-007.0/RPMS

 6.2 Packages

 3853d37862ee61ddd9720fdf17d58bf4        mod_dav-1.0.2_1.3.6-3.i386.rpm
 739ca25c48cf6708066d94526bf2ec7d        mod_dav-devel-1.0.2_1.3.6-3.i386.rpm

 6.3 Installation

 rpm -Fvh mod_dav-1.0.2_1.3.6-3.i386.rpm
 rpm -Fvh mod_dav-devel-1.0.2_1.3.6-3.i386.rpm

 6.4 Source Package Location

 ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-007.0/SRPMS

 6.5 Source Packages

 35f41886e5019c46aa2504f5c3338c2e        mod_dav-1.0.2_1.3.6-3.src.rpm

  7. OpenLinux 3.1 Workstation

     7.1 Package Location

 ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-007.0/RPMS

 7.2 Packages

 9bce03b0080e3f088c315fd7ed0eee49        mod_dav-1.0.2_1.3.6-3.i386.rpm
 6105508bfa30dec40785269e97152836        mod_dav-devel-1.0.2_1.3.6-3.i386.rpm

 7.3 Installation

 rpm -Fvh mod_dav-1.0.2_1.3.6-3.i386.rpm
 rpm -Fvh mod_dav-devel-1.0.2_1.3.6-3.i386.rpm

 7.4 Source Package Location

 ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-007.0/SRPMS

 7.5 Source Packages

 83429117c53516e8e94e1c36e25446f5        mod_dav-1.0.2_1.3.6-3.src.rpm

  8. References

     Specific references for this advisory:

         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0842

 SCO security resources:

         http://www.sco.com/support/security/index.html

 This security fix closes SCO incidents sr869830, fz526205,
 erg712132.

  9. Disclaimer

     SCO is not responsible for the misuse of any of the information
 we provide on this website and/or through our security
 advisories. Our advisories are a service to our customers intended
 to promote secure installation and use of SCO products.

  10. Acknowledgements

    David Litchfield discovered and investigated this vulnerability.

Related

securityvulns 2
cert 1
cve 2
cvelist 1
nessus 1
securityvulns
securityvulns
CERT Advisory CA-2003-05 Multiple Vulnerabilities in Oracle Servers
2003-02-20 00:00:00
Re: CSSA-2003-007.0 Advisory withdrawn.
2003-02-19 00:00:00
cert
cert
Some implementations of mod_dav contain a format string vulnerability in "ap_log_rerror()" function
2003-02-14 00:00:00
cve
cve
CVE-2002-0842
2003-03-03 05:00:00
CVE-2002-0841
2003-03-03 05:00:00
cvelist
cvelist
CVE-2002-0842
2004-09-01 04:00:00
nessus
nessus
Oracle Application Server Multiple Vulnerabilities
2012-01-24 00:00:00
JSON
Related for SECURITYVULNS:DOC:4095
securityvulns2cert1cve2cvelist1nessus1