LinuxSir.cn,穿越时空的Linuxsir!

 找回密码
 注册
搜索
热搜: shell linux mysql
查看: 553|回复: 0

Apache mod_auth 存在解析畸形密码 内存破坏漏洞

[复制链接]
发表于 2004-5-16 20:40:19 | 显示全部楼层 |阅读模式
bj.cyberpolice.cn 2004-5-9 13:55:00

受影响系统:

Apache Software Foundation Apache 2.0a9
Apache Software Foundation Apache 2.0.49
Apache Software Foundation Apache 2.0.48
Apache Software Foundation Apache 2.0.47
Apache Software Foundation Apache 2.0.46
Apache Software Foundation Apache 2.0.45
Apache Software Foundation Apache 2.0.44
Apache Software Foundation Apache 2.0.43
Apache Software Foundation Apache 2.0.42
Apache Software Foundation Apache 2.0.41
Apache Software Foundation Apache 2.0.40
Apache Software Foundation Apache 2.0.39
Apache Software Foundation Apache 2.0.38
Apache Software Foundation Apache 2.0.37
Apache Software Foundation Apache 2.0.36
Apache Software Foundation Apache 2.0.35
Apache Software Foundation Apache 2.0.32
Apache Software Foundation Apache 2.0.28
Apache Software Foundation Apache 2.0
Apache Software Foundation Apache 1.3.29
Apache Software Foundation Apache 1.3.28
Apache Software Foundation Apache 1.3.26
Apache Software Foundation Apache 1.3.25
Apache Software Foundation Apache 1.3.24
Apache Software Foundation Apache 1.3.23
Apache Software Foundation Apache 1.3.22
Apache Software Foundation Apache 1.3.20
Apache Software Foundation Apache 1.3.19
Apache Software Foundation Apache 1.3.18
Apache Software Foundation Apache 1.3.17
Apache Software Foundation Apache 1.3.14
Apache Software Foundation Apache 1.3.12
Apache Software Foundation Apache 1.3.11
Apache Software Foundation Apache 1.3
Apache Software Foundation Apache 1.0
Apache Software Foundation Apache 0.8.14
Apache Software Foundation Apache 0.8.11
Apache Software Foundation Apache 1.3.27
    - Debian Linux 3.0
    - HP HP-UX 11.04
    - OpenBSD 3.3
    - RedHat Enterprise Linux WS 2.1
    - RedHat Enterprise Linux ES 2.1
    - RedHat Enterprise Linux AS 2.1
    - SGI IRIX 6.5.19
    - SuSE Linux 8.2
    - SuSE Linux 8.1

详细描述:

Apache是一款开放源代码流行的Httpd服务程序。Apache在验证过程中解析畸形密码存在内存破坏问题,远程攻击者可以利用这个漏洞对WEB服务程序进行拒绝服务攻击或可能以进程权限在系统上执行任意指令。
问题存在于Apache的验证模块中(mod_auth, mod_auth3, mod_auth4),如果在16-bit和64-bit系统中,当sizeof( unsigned long )!=4时,可导致函数ebcdic2ascii()内存破坏,造成服务系统崩溃,存在执行任意指令可能。
目前厂商还没有提供补丁或者升级程序
您需要登录后才可以回帖 登录 | 注册

本版积分规则

快速回复 返回顶部 返回列表