Apache mod_auth 存在解析畸形密码 内存破坏漏洞

ufo2000

bj.cyberpolice.cn 2004-5-9 13:55:00

受影响系统：

Apache Software Foundation Apache 2.0a9
Apache Software Foundation Apache 2.0.49
Apache Software Foundation Apache 2.0.48
Apache Software Foundation Apache 2.0.47
Apache Software Foundation Apache 2.0.46
Apache Software Foundation Apache 2.0.45
Apache Software Foundation Apache 2.0.44
Apache Software Foundation Apache 2.0.43
Apache Software Foundation Apache 2.0.42
Apache Software Foundation Apache 2.0.41
Apache Software Foundation Apache 2.0.40
Apache Software Foundation Apache 2.0.39
Apache Software Foundation Apache 2.0.38
Apache Software Foundation Apache 2.0.37
Apache Software Foundation Apache 2.0.36
Apache Software Foundation Apache 2.0.35
Apache Software Foundation Apache 2.0.32
Apache Software Foundation Apache 2.0.28
Apache Software Foundation Apache 2.0
Apache Software Foundation Apache 1.3.29
Apache Software Foundation Apache 1.3.28
Apache Software Foundation Apache 1.3.26
Apache Software Foundation Apache 1.3.25
Apache Software Foundation Apache 1.3.24
Apache Software Foundation Apache 1.3.23
Apache Software Foundation Apache 1.3.22
Apache Software Foundation Apache 1.3.20
Apache Software Foundation Apache 1.3.19
Apache Software Foundation Apache 1.3.18
Apache Software Foundation Apache 1.3.17
Apache Software Foundation Apache 1.3.14
Apache Software Foundation Apache 1.3.12
Apache Software Foundation Apache 1.3.11
Apache Software Foundation Apache 1.3
Apache Software Foundation Apache 1.0
Apache Software Foundation Apache 0.8.14
Apache Software Foundation Apache 0.8.11
Apache Software Foundation Apache 1.3.27
    - Debian Linux 3.0
    - HP HP-UX 11.04
    - OpenBSD 3.3
    - RedHat Enterprise Linux WS 2.1
    - RedHat Enterprise Linux ES 2.1
    - RedHat Enterprise Linux AS 2.1
    - SGI IRIX 6.5.19
    - SuSE Linux 8.2
    - SuSE Linux 8.1

详细描述：

Apache是一款开放源代码流行的Httpd服务程序。Apache在验证过程中解析畸形密码存在内存破坏问题，远程攻击者可以利用这个漏洞对WEB服务程序进行拒绝服务攻击或可能以进程权限在系统上执行任意指令。
问题存在于Apache的验证模块中(mod_auth, mod_auth3, mod_auth4)，如果在16-bit和64-bit系统中，当sizeof( unsigned long )!=4时，可导致函数ebcdic2ascii()内存破坏，造成服务系统崩溃，存在执行任意指令可能。
目前厂商还没有提供补丁或者升级程序