-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ Caldera Systems, Inc. Security Advisory Subject: file view vulnerability in mod_rewrite Advisory number: CSSA-2000-035.0 Issue date: 2000 October, 10 Cross reference: ______________________________________________________________________________ 1. Problem Description The Apache HTTP server comes with a module named mod_rewrite which can be used to rewrite URLs presented by the client before further processing. The processing logic in mod_rewrite contains a flaw that allows attackers to view arbitrary files on the server system. In the default configuration shipped with OpenLinux, mod_rewrite is disabled. 2. Vulnerable Versions System Package ----------------------------------------------------------- OpenLinux Desktop 2.3 All packages previous to apache-1.3.4-5 OpenLinux eServer 2.3 All packages previous to and OpenLinux eBuilder apache-1.3.9-5S OpenLinux eDesktop 2.4 All packages previous to apache-1.3.11-2D 3. Solution Workaround: If you haven't enabled mod_rewrite, no action is required on your part. If you do use mod_rewrite, update to the fixed packages. 4. OpenLinux Desktop 2.3 4.1 Location of Fixed Packages The upgrade packages can be found on Caldera's FTP site at: ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/ The corresponding source code package can be found at: ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS 4.2 Verification c01531115e05d0371db7b1ac83c85b3b RPMS/apache-1.3.4-5.i386.rpm 8403e4002988a610c8a0ee11e4b088b1 RPMS/apache-docs-1.3.4-5.i386.rpm 28a4dc488a42088c1761cbb210a26c9c SRPMS/apache-1.3.4-5.src.rpm 4.3 Installing Fixed Packages Upgrade the affected packages with the following commands: rpm -Fhv apache-*1.3.4-5.i386.rpm 5. OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0 5.1 Location of Fixed Packages The upgrade packages can be found on Caldera's FTP site at: ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/ The corresponding source code package can be found at: ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS 5.2 Verification 45bd05d80b8c5ca5ef87da39de9c19dd RPMS/apache-1.3.9-5S.i386.rpm 0a2043799cdf207f5b797f027a1228a3 RPMS/apache-devel-1.3.9-5S.i386.rpm 7aa9d9789fb94600439752a72bb525fb RPMS/apache-docs-1.3.9-5S.i386.rpm 6305241c58b0185babe1582438aa62e9 SRPMS/apache-1.3.9-5S.src.rpm 5.3 Installing Fixed Packages Upgrade the affected packages with the following commands: rpm -Fhv apache-*1.3.9-5S.i386.rpm 6. OpenLinux eDesktop 2.4 6.1 Location of Fixed Packages The upgrade packages can be found on Caldera's FTP site at: ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/ The corresponding source code package can be found at: ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS 6.2 Verification c303c215facbe330fd454e502a50e798 RPMS/apache-1.3.11-2D.i386.rpm a173b7d14a0d0c1badf9e23c6ec3769e RPMS/apache-devel-1.3.11-2D.i386.rpm 3c92d84da29b69e8f4b665a17ce2328f RPMS/apache-docs-1.3.11-2D.i386.rpm e9c43b643cb040b97130dcfd3ee17b10 SRPMS/apache-1.3.11-2D.src.rpm 6.3 Installing Fixed Packages Upgrade the affected packages with the following commands: rpm -Fhv apache-*1.3.11-2D.i386.rpm 7. References This and other Caldera security resources are located at: http://www.calderasystems.com/support/security/index.html This security fix closes Caldera's internal Problem Report 7940. 8. Disclaimer Caldera Systems, Inc. is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera OpenLinux. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE54wIa18sy83A/qfwRAiBuAJ4m7PwHmpb75kGjgfRgW0b23zTQBACfdz0a TSR0QmfBRaIy7I3ZdjH2Blk= =ijRI -----END PGP SIGNATURE-----