進階會員 | [ Info ]CERT? Advisory CA-2002-17 Apache Web Server Chunk Handling Vulnerability 原始網站 http://www.cert.org/advisories/CA-2002-17.html Original release date: June 17, 2002 Last revised: June 18, 2002 Source: CERT/CC A complete revision history can be found at the end of this file http://httpd.apache.org/info/securit...n_20020617.txt Date: June 17, 2002 Last Updated: June 18, 2002, 14:21 (-0400) Product: Apache Web Server Versions: Apache 1.3 all versions including 1.3.24, Apache 2 all versions up to 2.0.36, Apache 1.2 all versions 1.2.2 onwards. Introduction: While testing for Oracle vulnerabilities, Mark Litchfield discovered a denial of service attack for Apache on Windows. Investigation by the Apache Software Foundation showed that this issue has a wider scope, which on some platforms results in a denial of service vulnerability, while on some other platforms presents a potential a remote exploit vulnerability. We were also notified today by ISS that they had published the same issue which has forced the early release of this advisory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0392 to this issue. Description: Versions of the Apache web server up to and including 1.3.24 and 2.0 up to and including 2.0.36 contain a bug in the routines which deal with invalid requests which are encoded using chunked encoding. This bug can be triggered remotely by sending a carefully crafted invalid request. This functionality is enabled by default. In most cases the outcome of the invalid request is that the child process dealing with the request will terminate. At the least, this could help a remote attacker launch a denial of service attack as the parent process will eventually have to replace the terminated child process and starting new children uses non-trivial amounts of resources. On the Windows and Netware platforms, Apache runs one multithreaded child process to service requests. The teardown and subsequent setup time to replace the lost child process presents a significant interruption of service. As the Windows and Netware ports create a new process and reread the configuration, rather than fork a child process, this delay is much more pronounced than on other platforms. In Apache 2.0 the error condition is correctly detected, so it will not allow an attacker to execure arbitrary code on the server. However platforms could be using a multithreaded model of multiple concurrent requests per child process (although the default preference remains multiple processes with a single thread and request per process, and most multithreaded models continue to create multiple child processes). Using any multithreaded model, all concurrent requests currently served by the affected child process will be lost. In Apache 1.3 the issue causes a stack overflow. Due to the nature of the overflow on 32-bit Unix platforms this will cause a segmentation violation and the child will terminate. However on 64-bit platforms the overflow can be controlled and so for platforms that store return addresses on the stack it is likely that it is further exploitable. This could allow arbitrary code to be run on the server as the user the Apache children are set to run as. We have been made aware that Apache 1.3 on Windows is exploitable in a similar way as well. Users of Apache 1.3 should upgrade to 1.3.26, and users of Apache 2.0 should upgrade to 2.0.39, which contain a fix for this issue. |
回覆 |
法蘭斯 | apache 重大安全漏洞,中文的資料這邊有: http://www.cert.org.tw/advisory/2002...A-2002-151.txt FreeBSD 的 ports 已相對更新了。 |
回覆 |
校長兼撞鐘 | 前幾天看到時 , 已經幫站上換上新版的 1.3.26 PS : kib83726 是 "大南國小 FreeBSD 架站日誌" 的站長嗎 ? PCZONE 是用 BSD 架設的 , 之前不太懂 BSD , 從您的網站教學獲益良多 !! 我還在大陸的某個 FreeBSD 網站發現有人把你的站 Mirror 過去並翻成 GB 簡體版供大陸朋友閱讀 |
回覆 |
|
類似的主題 | ||||
主題 | 主題作者 | 討論版 | 回覆 | 最後發表 |
【轉貼】網路追追追小氣惹禍 免費軟體「出賣」你 2002/06/17 12:20 | giogio2000 | -- 防 駭 / 防 毒 版 | 0 | 2002-06-17 03:30 PM |
【新聞】MSN擠下ICQ 在台稱霸 2002/04/25 17:27 | giogio2000 | -- 網 路 軟 體 討 論 二 版 (網路其他軟體) | 18 | 2002-05-06 12:53 PM |
[info] : FreeBSD-SA-02:11 == Security Advisory == | repsol | -- FreeBSD & Linux 討 論 版 | 1 | 2002-02-22 05:21 PM |
請問 Exchange 5.5 or 2000 Server 可否以 Apache web server 代替 IIS 作 Web Access Logon 謝謝! | Solbourne | -- 網 路 軟 體 討 論 一 版 (Browser,Email | 0 | 2001-08-16 11:35 PM |
XML | RSS 2.0 | RSS |
本論壇所有文章僅代表留言者個人意見,並不代表本站之立場,討論區以「即時留言」方式運作,故無法完全監察所有即時留言,若您發現文章可能有異議,請 email :[email protected] 處理。