

[Full-Disclosure] [USN-65-1] Apache utility script vulnerability


Date: Wed, 19 Jan 2005 16:56:03 +0100
From: Martin Pitt <martin.pitt@canonical.com.>
To: [email protected]
Subject: [Full-Disclosure] [USN-65-1] Apache utility script vulnerability

===========================================================
Ubuntu Security Notice USN-65-1		   January 19, 2005
apache vulnerabilities
http://bugs.debian.org/290974
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

apache-utils

The problem can be corrected by upgrading the affected package to
version 1.3.31-6ubuntu0.4. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Javier Fernández-Sanguino Peña noticed that the "check_forensic"
script created temporary files in an insecure manner. This could
allow a symbolic link attack to create or overwrite arbitrary files
with the privileges of the user invoking the program.


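The class of bug the notice describes, as an added illustration that is not part of the original message and is not the check_forensic script or the Ubuntu patch: a predictable temporary file name written with a plain redirect follows a symbolic link that already exists at that name, while a file created by mktemp does not. The function names, the "report" file name and the sandbox layout are hypothetical, and everything runs inside a private directory created for the demonstration.

```shell
#!/bin/sh
# Constructed illustration of insecure vs. safe temporary file creation.
# Not code from check_forensic; all names and paths here are hypothetical.

# Pattern at risk: the name is predictable (the PID can be guessed) and a
# plain ">" redirect follows whatever already exists at that path.
write_predictable() {        # $1 = directory, $2 = data
    tmp="$1/report.$$"
    printf '%s\n' "$2" > "$tmp"
}

# Hardened pattern: mktemp chooses an unpredictable name and creates the
# file exclusively, so an existing file or link is never reused.
write_mktemp() {             # $1 = directory, $2 = data; prints the new path
    tmp=$(mktemp "$1/report.XXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Run both writers in a sandbox where the predictable name already exists
# as a symlink to a stand-in "victim" file, and report the victim's content
# after each write as "after_predictable|after_mktemp".
demo() {
    sandbox=$(mktemp -d) || return 1
    victim="$sandbox/victim"

    printf 'original\n' > "$victim"
    ln -s "$victim" "$sandbox/report.$$"

    write_predictable "$sandbox" "scratch data"
    after_predictable=$(cat "$victim")

    printf 'original\n' > "$victim"
    created=$(write_mktemp "$sandbox" "scratch data") || return 1
    after_mktemp=$(cat "$victim")

    rm -rf "$sandbox"
    printf '%s|%s\n' "$after_predictable" "$after_mktemp"
}

demo    # prints: scratch data|original
```

When auditing other scripts for the same pattern, look for redirects to paths built from $$, a date or a fixed name under /tmp.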

