Apache Mod_Rewrite单字节缓冲区溢出漏洞

2006-12-06T00:00:00
ID SSV:680
Type seebug
Reporter Root
Modified 2006-12-06T00:00:00

Description

Apache是一款流行的开放源代码的HTTPD服务程序。 Apache mod_rewrite模块中LDAP机制处理存在单字节溢出错误,远程攻击者可以利用漏洞以WEB进程权限执行任意指令。 Apache mod_rewrite模块提供了一个基于规则的(使用正则表达式分析器的)实时转向URL请求的引擎。mod_rewrite模块在转义绝对URI机制时存在单字节错误,当分离LDAP URL的数据时escape_absolute_uri( )函数中会触发此漏洞。触发此漏洞可导致指向用户提供数据的指针写入字符指针数组边界之外,可用于控制程序,以WEB权限执行任意指令。 注意此漏洞不需要特定的LDAP规则存在,但是,某个规则必须有如下属性: -存在的规则必须使用户能够控制重写URL的初始化部分。 -规则必须不包含forbidden或gone标记[F或G]。 -如果规则设置了"noescape" [NE]标记不受此漏洞影响。

Ubuntu Ubuntu Linux 5.10 sparc Ubuntu Ubuntu Linux 5.10 powerpc Ubuntu Ubuntu Linux 5.10 i386 Ubuntu Ubuntu Linux 5.10 amd64 Ubuntu Ubuntu Linux 5.0 4 powerpc Ubuntu Ubuntu Linux 5.0 4 i386 Ubuntu Ubuntu Linux 5.0 4 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 S.u.S.E. SUSE Linux Enterprise Server 10 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 9.3 x86_64 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Professional 9.2 x86_64 S.u.S.E. Linux Professional 9.2 S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 10.1 S.u.S.E. Linux Enterprise Server for S/390 9.0 S.u.S.E. Linux Enterprise Server for S/390 S.u.S.E. Linux Enterprise Server 9 S.u.S.E. Linux Enterprise SDK 10 rPath rPath Linux 1 OpenPKG OpenPKG 2.5 OpenPKG OpenPKG 2.4 OpenPKG OpenPKG 2.3 OpenPKG OpenPKG 2.2 OpenPKG OpenPKG 2.1 OpenPKG OpenPKG 2.0 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Linux Mandrake 2006.0 x86_64 MandrakeSoft Linux Mandrake 2006.0 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 Apache Software Foundation Apache 2.2 .0 Apache Software Foundation Apache 2.0.56 -dev Apache Software Foundation Apache 2.0.55 Apache Software Foundation Apache 2.0.54 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 amd64 + Debian Linux 3.1 alpha + Debian Linux 3.1 Apache Software Foundation Apache 2.0.53 Apache Software Foundation Apache 2.0.52 + Apple Mac OS X 10.3.6 + Apple Mac OS X 10.2.8 + Apple Mac OS X Server 10.3.6 + Apple Mac OS X Server 10.2.8 + RedHat Desktop 4.0 + RedHat Enterprise Linux WS 4 + RedHat Enterprise Linux ES 4 + RedHat Enterprise Linux AS 4 + Sun Solaris 10 Apache Software Foundation Apache 2.0.51 + RedHat Fedora Core2 + RedHat Fedora Core1 Apache Software Foundation Apache 2.0.50 + MandrakeSoft Linux Mandrake 10.1 x86_64 + MandrakeSoft Linux Mandrake 10.1 Apache Software Foundation Apache 2.0.49 + S.u.S.E. Linux Personal 9.1 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Apache Software Foundation Apache 2.0.48 + MandrakeSoft Linux Mandrake 10.0 AMD64 + MandrakeSoft Linux Mandrake 10.0 + S.u.S.E. Linux 8.1 + S.u.S.E. Linux Personal 9.0 x86_64 + S.u.S.E. Linux Personal 9.0 + S.u.S.E. Linux Personal 8.2 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Apache Software Foundation Apache 2.0.47 + Apple Mac OS X Server 10.3.5 + Apple Mac OS X Server 10.3.4 + Apple Mac OS X Server 10.3.3 + Apple Mac OS X Server 10.3.2 + Apple Mac OS X Server 10.3.1 + Apple Mac OS X Server 10.3 + Apple Mac OS X Server 10.2.8 + Apple Mac OS X Server 10.2.7 + Apple Mac OS X Server 10.2.6 + Apple Mac OS X Server 10.2.5 + Apple Mac OS X Server 10.2.4 + Apple Mac OS X Server 10.2.3 + Apple Mac OS X Server 10.2.2 + Apple Mac OS X Server 10.2.1 + Apple Mac OS X Server 10.2 + Apple Mac OS X Server 10.1.5 + Apple Mac OS X Server 10.1.4 + Apple Mac OS X Server 10.1.3 + Apple Mac OS X Server 10.1.2 + Apple Mac OS X Server 10.1.1 + Apple Mac OS X Server 10.1 + MandrakeSoft Linux Mandrake 9.2 amd64 + MandrakeSoft Linux Mandrake 9.2 + MandrakeSoft Linux Mandrake 9.1 ppc + MandrakeSoft Linux Mandrake 9.1 Apache Software Foundation Apache 2.0.46 + RedHat Desktop 3.0 + RedHat Enterprise Linux WS 3 + RedHat Enterprise Linux ES 3 + RedHat Enterprise Linux AS 3 + Trustix Secure Linux 2.0 Apache Software Foundation Apache 1.3.35 -dev Apache Software Foundation Apache 1.3.34 Apache Software Foundation Apache 1.3.33 + Apple Mac OS X 10.3.6 + Apple Mac OS X 10.2.8 + Apple Mac OS X Server 10.3.6 + Apple Mac OS X Server 10.2.8 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 amd64 + Debian Linux 3.1 alpha + Debian Linux 3.1 Apache Software Foundation Apache 1.3.32 + Gentoo Linux 1.4 + Gentoo Linux Apache Software Foundation Apache 1.3.31 + OpenPKG OpenPKG Current Apache Software Foundation Apache 1.3.29 + Apple Mac OS X 10.3.5 + Apple Mac OS X 10.2.7 + Apple Mac OS X Server 10.3.5 + Apple Mac OS X Server 10.2.7 + MandrakeSoft Linux Mandrake 10.0 AMD64 + MandrakeSoft Linux Mandrake 10.0 + OpenPKG OpenPKG 2.0 Apache Software Foundation Apache 1.3.28 + Conectiva Linux 8.0 + MandrakeSoft Linux Mandrake 9.2 amd64 + MandrakeSoft Linux Mandrake 9.2 + OpenBSD OpenBSD 3.4 + OpenPKG OpenPKG 1.3 Apache Software Foundation Apache 1.3.9 + Debian Linux 2.2 sparc + Debian Linux 2.2 powerpc + Debian Linux 2.2 arm + Debian Linux 2.2 alpha + Debian Linux 2.2 68k + Debian Linux 2.2 + NetScreen NetScreen-Global PRO Express Policy Manager Server + NetScreen NetScreen-Global PRO Policy Manager Server + Sun Solaris 8.0 _x86 + Sun Solaris 8.0 + Sun SunOS 5.8 _x86 + Sun SunOS 5.8 Apache Software Foundation Apache 1.3.7 -dev Apache Software Foundation Apache 1.3.6 + Sun Cobalt ManageRaQ3 3000R-mr + Sun Cobalt RaQ3 3000R + Sun Cobalt Velociraptor Apache Software Foundation Apache 1.3.4 + BSDI BSD/OS 4.0 Apache Software Foundation Apache 1.3.3 + RedHat Linux 5.2 sparc + RedHat Linux 5.2 i386 + RedHat Linux 5.2 alpha

<a href="http://www.apache.org/dist/httpd/Announcement2.2.html" target="_blank">http://www.apache.org/dist/httpd/Announcement2.2.html</a>