-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                        SCO Security Advisory

Subject:                Linux: REVISED: apache vulnerabilities in shared memory, DNS, and ApacheBench
Advisory number:        CSSA-2002-056.1
Issue date:             2003 January 15
Cross reference:
______________________________________________________________________________


1. Problem Description

        The shared memory scoreboard in the HTTP daemon for Apache
        allows any user running as the Apache UID to send a SIGUSR1
        signal to any process as root, resulting in a denial of service
        (process kill) or possibly other behaviors that would not
        normally be allowed, by modifying the parent[].pid and
        parent[].last_rtime segments in the scoreboard.

        Cross-site scripting (XSS) vulnerability in the default error
        page of Apache when UseCanonicalName is "Off" and support for
        wildcard DNS is present, allows remote attackers to execute
        script as other web page visitors via the Host: header.

        Buffer overflows in the ApacheBench support program (ab.c) in
        Apache allow a malicious web server to cause a denial of service
        and possibly execute arbitrary code via a long response.

        This update addresses an installation problem that required
        the expat library to be on the system.


2. Vulnerable Supported Versions

        System                          Package
        ----------------------------------------------------------------------

        OpenLinux 3.1.1 Server          prior to apache-1.3.27-2.1.i386.rpm
                                        prior to apache-devel-1.3.27-2.1.i386.rpm
                                        prior to apache-doc-1.3.27-2.1.i386.rpm

        OpenLinux 3.1.1 Workstation     prior to apache-1.3.27-2.1.i386.rpm
                                        prior to apache-devel-1.3.27-2.1.i386.rpm
                                        prior to apache-doc-1.3.27-2.1.i386.rpm

        OpenLinux 3.1 Server            prior to apache-1.3.27-2.1.i386.rpm
                                        prior to apache-devel-1.3.27-2.1.i386.rpm
                                        prior to apache-doc-1.3.27-2.1.i386.rpm

        OpenLinux 3.1 Workstation       prior to apache-1.3.27-2.1.i386.rpm
                                        prior to apache-devel-1.3.27-2.1.i386.rpm
                                        prior to apache-doc-1.3.27-2.1.i386.rpm


3. Solution

        The proper solution is to install the latest packages. Many
        customers find it easier to use the Caldera System Updater, called
        cupdate (or kcupdate under the KDE environment), to update these
        packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

        4.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-056.1/RPMS

        4.2 Packages

        50375a971460c069f2877bd57f0535b0        apache-1.3.27-2.1.i386.rpm
        ab1526780fdea946731985025cc61e2c        apache-devel-1.3.27-2.1.i386.rpm
        e56b5df2ed0f57ee5a892a4a2e414e38        apache-doc-1.3.27-2.1.i386.rpm

        4.3 Installation

        rpm -Fvh apache-1.3.27-2.1.i386.rpm
        rpm -Fvh apache-devel-1.3.27-2.1.i386.rpm
        rpm -Fvh apache-doc-1.3.27-2.1.i386.rpm

        4.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-056.1/SRPMS

        4.5 Source Packages

        ed5262789329d8088c779c56d98ec170        apache-1.3.27-2.1.src.rpm


5. OpenLinux 3.1.1 Workstation

        5.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-056.1/RPMS

        5.2 Packages

        bc651140441d45502d6ecacd4676288c        apache-1.3.27-2.1.i386.rpm
        9f533d9776ce1ced77d38562d11f77b0        apache-devel-1.3.27-2.1.i386.rpm
        b9c79e503d23941560a691f61a8662ee        apache-doc-1.3.27-2.1.i386.rpm

        5.3 Installation

        rpm -Fvh apache-1.3.27-2.1.i386.rpm
        rpm -Fvh apache-devel-1.3.27-2.1.i386.rpm
        rpm -Fvh apache-doc-1.3.27-2.1.i386.rpm

        5.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-056.1/SRPMS

        5.5 Source Packages

        9efc98158e41aa4e369ef89f0e1bd5fd        apache-1.3.27-2.1.src.rpm


6. OpenLinux 3.1 Server

        6.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-056.1/RPMS

        6.2 Packages

        d45957cb1ebc50d494d78db73c6679e5        apache-1.3.27-2.1.i386.rpm
        acf4fc034777ca2bc335a5d635e88ef3        apache-devel-1.3.27-2.1.i386.rpm
        76e53c10d4d4c9a279a4d96659a4db7b        apache-doc-1.3.27-2.1.i386.rpm

        6.3 Installation

        rpm -Fvh apache-1.3.27-2.1.i386.rpm
        rpm -Fvh apache-devel-1.3.27-2.1.i386.rpm
        rpm -Fvh apache-doc-1.3.27-2.1.i386.rpm

        6.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-056.1/SRPMS

        6.5 Source Packages

        1f6d18d43896e3709402072e7281f57a        apache-1.3.27-2.1.src.rpm


7. OpenLinux 3.1 Workstation

        7.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-056.1/RPMS

        7.2 Packages

        871346db93d4226eee66ee1d939ab4c8        apache-1.3.27-2.1.i386.rpm
        8642192987d2600d04e4f877481d6b9e        apache-devel-1.3.27-2.1.i386.rpm
        b10322cdfdf5718cd340d2e91fc4581c        apache-doc-1.3.27-2.1.i386.rpm

        7.3 Installation

        rpm -Fvh apache-1.3.27-2.1.i386.rpm
        rpm -Fvh apache-devel-1.3.27-2.1.i386.rpm
        rpm -Fvh apache-doc-1.3.27-2.1.i386.rpm

        7.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-056.1/SRPMS

        7.5 Source Packages

        d620e3d5f7a12c7db9db4c910bf1985c        apache-1.3.27-2.1.src.rpm


8. References

        Specific references for this advisory:

                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0839
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0840
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0843

        SCO security resources:

                http://www.sco.com/support/security/index.html

        This security fix closes SCO incidents sr870244, fz526296,
        erg712139.


9. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers intended
        to promote secure installation and use of SCO products.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj4lvMMACgkQbluZssSXDTFEDQCg5XLP8Ql/JtN8orenlyjz7r2H
MxAAnAsFfvHFalzIGcaOejxPsOMH0CzR
=8Oa3
-----END PGP SIGNATURE-----
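
The following is an added example, not part of the SCO advisory: a POSIX shell helper that checks downloaded packages against the MD5 sums listed under "Packages" in sections 4 to 7 and runs rpm -Fvh only when every sum matches. The manifest file layout ("<md5>  <filename>" per line), the function names and the RPM dry-run variable are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the advisory): verify MD5 sums, then freshen.
# Manifest format assumed here: "<md5>  <filename>" per line, i.e. the
# "Packages" listing of section 4.2, 5.2, 6.2 or 7.2 saved to a file.

# verify_manifest MANIFEST DIR -> 0 only if every listed file matches.
verify_manifest() {
    vm_rc=0
    while read -r vm_want vm_name || [ -n "$vm_want" ]; do
        [ -n "$vm_want" ] || continue            # skip blank lines
        case $vm_name in                         # no empty names or paths
            ""|*/*) echo "REJECT   '$vm_name'" >&2; vm_rc=1; continue ;;
        esac
        if [ ! -f "$2/$vm_name" ]; then
            echo "MISSING  $vm_name" >&2; vm_rc=1; continue
        fi
        vm_got=$(md5sum < "$2/$vm_name" | cut -d' ' -f1)
        if [ "$vm_got" = "$vm_want" ]; then
            echo "OK       $vm_name"
        else
            echo "MISMATCH $vm_name" >&2; vm_rc=1
        fi
    done < "$1"
    return "$vm_rc"
}

# freshen_verified MANIFEST DIR -> runs rpm -Fvh only if all sums match.
# RPM is a hypothetical override so the step can be dry-run (RPM=echo).
freshen_verified() {
    verify_manifest "$1" "$2" || { echo "not installing" >&2; return 1; }
    while read -r fv_want fv_name || [ -n "$fv_want" ]; do
        [ -n "$fv_want" ] || continue
        "${RPM:-rpm}" -Fvh "$2/$fv_name" || return 1
    done < "$1"
}

# Constructed demo: a stand-in file, not a real RPM, checked in dry-run mode.
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed package body\n' > "$d/sample-1.0.i386.rpm"
    printf '%s  sample-1.0.i386.rpm\n' \
        "$(md5sum < "$d/sample-1.0.i386.rpm" | cut -d' ' -f1)" > "$d/MD5SUMS"
    RPM=echo freshen_verified "$d/MD5SUMS" "$d"; r=$?
    rm -rf "$d"; return "$r"
}

demo
```

The sums are only as trustworthy as the copy of the advisory they were read from, so check the advisory's PGP signature before relying on them.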