CVE-2003-0987
CVSS7.5
发布时间 :2004-03-03 00:00:00
修订时间 :2016-10-17 22:38:51
NMCOPS    

[原文]mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.


[CNNVD]Apache mod_digest客户提供Nonce确认漏洞(CNNVD-200403-045)

        
        Apache是一款流行的WEB服务程序。
        Apache mod_digest模块没有充分验证针对用户提供的nonces信息,远程攻击者可以利用这个漏洞可以从其他站点伪造应答信息。
        这个漏洞只有在伪造站和服务器上的用户的用户名密码相同,及实际名也相同的情况下产生,不过这种情况比较少。
        

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:4416Apache mod_digest Nonce Verification Vulnerability
oval:org.mitre.oval:def:100108Apache Nonce Verification Response Replay Vulnerability
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0987
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0987
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200403-045
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=108437852004207&w=2
(UNKNOWN)  BUGTRAQ  20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)
http://security.gentoo.org/glsa/glsa-200405-22.xml
(UNKNOWN)  GENTOO  GLSA-200405-22
http://securitytracker.com/id?1008920
(UNKNOWN)  SECTRACK  1008920
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1
(UNKNOWN)  SUNALERT  101555
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1
(UNKNOWN)  SUNALERT  101841
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1
(UNKNOWN)  SUNALERT  57628
http://www.mail-archive.com/dev@httpd.apache.org/msg19007.html
(PATCH)  CONFIRM  http://www.mail-archive.com/dev@httpd.apache.org/msg19007.html
http://www.mail-archive.com/dev@httpd.apache.org/msg19014.html
(VENDOR_ADVISORY)  CONFIRM  http://www.mail-archive.com/dev@httpd.apache.org/msg19014.html
http://www.mandriva.com/security/advisories?name=MDKSA-2004:046
(UNKNOWN)  MANDRAKE  MDKSA-2004:046
http://www.redhat.com/support/errata/RHSA-2004-600.html
(UNKNOWN)  REDHAT  RHSA-2004:600
http://www.redhat.com/support/errata/RHSA-2005-816.html
(UNKNOWN)  REDHAT  RHSA-2005:816
http://www.securityfocus.com/bid/9571
(VENDOR_ADVISORY)  BID  9571
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643
(UNKNOWN)  SLACKWARE  SSA:2004-133
http://www.trustix.org/errata/2004/0027
(UNKNOWN)  TRUSTIX  2004-0027
http://xforce.iss.net/xforce/xfdb/15041
(VENDOR_ADVISORY)  XF  apache-moddigest-response-replay(15041)

- 漏洞信息

Apache mod_digest客户提供Nonce确认漏洞
高危 未知
2004-03-03 00:00:00 2005-10-20 00:00:00
远程※本地  
        
        Apache是一款流行的WEB服务程序。
        Apache mod_digest模块没有充分验证针对用户提供的nonces信息,远程攻击者可以利用这个漏洞可以从其他站点伪造应答信息。
        这个漏洞只有在伪造站和服务器上的用户的用户名密码相同,及实际名也相同的情况下产生,不过这种情况比较少。
        

- 公告与补丁

        临时解决方法:
        如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
        * 如果不需要mod_digest模块,就关闭此模块,或者使用mod_auth_digest代替。
        厂商补丁:
        Apache Software Foundation
        --------------------------
        Apache 1.3.30的参考补丁:
        Index: include/http_core.h
        ===================================================================
        RCS file: /home/cvs/apache-1.3/src/include/http_core.h,v
        retrieving revision 1.71
        diff -u -r1.71 http_core.h
        --- include/http_core.h 7 Jul 2003 00:34:09 -0000 1.71
        +++ include/http_core.h 18 Dec 2003 17:30:29 -0000
        @@ -162,6 +162,7 @@
         API_EXPORT(const char *) ap_auth_type (request_rec *);
         API_EXPORT(const char *) ap_auth_name (request_rec *);
        +API_EXPORT(const char *) ap_auth_nonce (request_rec *);
         API_EXPORT(int) ap_satisfies (request_rec *r);
         API_EXPORT(const array_header *) ap_requires (request_rec *);
        @@ -244,6 +245,7 @@
         int satisfy;
         char *ap_auth_type;
         char *ap_auth_name;
        + char *ap_auth_nonce; /* digest auth */
         array_header *ap_requires;
         /* Custom response config. These can contain text or a URL to redirect to.
        Index: main/http_core.c
        ===================================================================
        RCS file: /home/cvs/apache-1.3/src/main/http_core.c,v
        retrieving revision 1.327
        diff -u -r1.327 http_core.c
        --- main/http_core.c 17 Nov 2003 17:14:53 -0000 1.327
        +++ main/http_core.c 18 Dec 2003 17:30:30 -0000
        @@ -236,6 +236,9 @@
         if (new->ap_auth_name) {
         conf->ap_auth_name = new->ap_auth_name;
         }
        + if (new->ap_auth_nonce) {
        + conf->ap_auth_nonce= new->ap_auth_nonce;
        + }
         if (new->ap_requires) {
         conf->ap_requires = new->ap_requires;
         }
        @@ -577,6 +580,29 @@
         return conf->ap_auth_name;
         }
        +API_EXPORT(const char *) ap_auth_nonce(request_rec *r)
        +{
        + core_dir_config *conf;
        + conf = (core_dir_config *)ap_get_module_config(r->per_dir_config,
        + &core_module);
        + if (conf->ap_auth_nonce)
        + return conf->ap_auth_nonce;
        +
        + /* Ideally we'd want to mix in some per-directory style
        + * information; as we are likely to want to detect replay
        + * across those boundaries and some randomness. But that
        + * is harder due to the adhoc nature of .htaccess memory
        + * structures, restarts and forks.
        + *
        + * But then again - you should use AuthNonce in your config
        + * file if you care. So the adhoc value should do.
        + */
        + return ap_psprintf(r->pool,"%lu%lu%lu%lu%lu",
        + *(unsigned long *)&((r->connection->local_addr).sin_addr ),
        + ap_user_name, ap_listeners, ap_server_argv0, ap_pid_fname
        + );
        +}
        +
         API_EXPORT(const char *) ap_default_type(request_rec *r)
         {
         core_dir_config *conf;
        @@ -2797,6 +2823,28 @@
         return NULL;
         }
        +/*
        + * Load an authorisation nonce into our location configuration, and
        + * force it to be in the 0-9/A-Z realm.
        + */
        +static const char *set_authnonce (cmd_parms *cmd, void *mconfig, char *word1)
        +{
        + core_dir_config *aconfig = (core_dir_config *)mconfig;
        + int i;
        +
        + aconfig->ap_auth_nonce = ap_escape_quotes(cmd->pool, word1);
        +
        + if (strlen(aconfig->ap_auth_nonce) > 510)
        + return "AuthNonce lenght limited to 510 chars for browser
        compatibility";
        +
        + for(i=0;iap_auth_nonce );i++)
        + if (!ap_isalnum(aconfig->ap_auth_nonce [i]))
        + return "AuthNonce limited to 0-9 and A-Z range for browser
        compatibilty";
        +
        + return NULL;
        +}
        +
        +
         #ifdef _OSD_POSIX /* BS2000 Logon Passwd file */
         static const char *set_bs2000_account(cmd_parms *cmd, void *dummy, char *name)
         {
        @@ -3411,6 +3459,9 @@
         "An HTTP authorization type (e.g., \"Basic\")" },
         { "AuthName", set_authname, NULL, OR_AUTHCFG, TAKE1,
         "The authentication realm (e.g. \"Members Only\")" },
        +{ "AuthNonce", set_authnonce, NULL, OR_AUTHCFG, TAKE1,
        + "An authentication token which should be different for each logical realm. "\
        + "A random value or the servers IP may be a good choise.\n" },
         { "Require", require, NULL, OR_AUTHCFG, RAW_ARGS,
         "Selects which authenticated users or groups may access a protected space" },
         { "Satisfy", satisfy, NULL, OR_AUTHCFG, TAKE1,
        Index: main/http_protocol.c
        ===================================================================
        RCS file: /home/cvs/apache-1.3/src/main/http_protocol.c,v
        retrieving revision 1.330
        diff -u -r1.330 http_protocol.c
        --- main/http_protocol.c 3 Feb 2003 17:13:22 -0000 1.330
        +++ main/http_protocol.c 18 Dec 2003 17:30:32 -0000
        @@ -76,6 +76,7 @@
         #include "util_date.h" /* For parseHTTPdate and BAD_DATE */
         #include
         #include "http_conf_globals.h"
        +#include "util_md5.h" /* For digestAuth */
         #define SET_BYTES_SENT(r) \
         do { if (r->sent_bodyct) \
        @@ -1391,11 +1392,24 @@
         API_EXPORT(void) ap_note_digest_auth_failure(request_rec *r)
         {
        + /* We need to create a nonce which:
        + * a) changes all the time (see r->request_time)
        + * below and
        + * b) of which we can verify that it is our own
        + * fairly easily when it comes to veryfing
        + * the digest coming back in the response.
        + * c) and which as a whole should not
        + * be unlikely to be in use anywhere else.
        + */
        + char * nonce_prefix = ap_md5(r->pool,
        + ap_psprintf(r->pool, "%lu",
        + ap_auth_nonce(r), r->request_time));
        +
         ap_table_setn(r->err_headers_out,
         r->proxyreq == STD_PROXY ? "Proxy-Authenticate"
         &n

- 漏洞信息 (F33414)

apache_1.3.31.tar.gz (PacketStormID:F33414)
2004-05-25 00:00:00
 
unix
CVE-2003-0987,CVE-2003-0020,CVE-2004-0174,CVE-2003-0993
[点击下载]

Apache is the most popular webserver on the Internet, quite possibly the best in terms of security, functionality, efficiency, and speed.

- 漏洞信息

3819
Apache HTTP Server mod_digest Cross Realm Credential Replay
Remote / Network Access Authentication Management
Loss of Integrity, Loss of Availability
Exploit Unknown

- 漏洞描述

Apache mod_digest contains a flaw that may allow a malicious user to conduct replay attack against a website using htdigest protection. The issue is triggered when sending the digest authentication credentials again to a different website. It is possible that the flaw may allow gain unauthorised access to other websites. resulting in a loss of confidentiality, integrity, and/or availability.

- 时间线

2004-02-04 Unknow
Unknow Unknow

- 解决方案

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Always use HTTPS on websites requiring authentication. The vulnerability will be fixed in Apache 1.3.30.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Apache mod_digest Client-Supplied Nonce Verification Vulnerability
Access Validation Error 9571
Yes No
2004-02-03 12:00:00 2009-07-12 02:06:00
Discovery is credited to Dirk-Willem van Gulik.

- 受影响的程序版本

Sun Solaris 9_x86
Sun Solaris 9
Sun Solaris 8_x86
Sun Solaris 8_sparc
SCO Open Server 5.0.7
SCO Open Server 5.0.6
RedHat Stronghold 4.0
OpenBSD OpenBSD 3.5
OpenBSD OpenBSD 3.4
OpenBSD OpenBSD -current
IBM HTTP Server 1.3.19
- HP HP-UX 11.0
- IBM AIX 4.3.3
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- RedHat Linux 7.1
- S.u.S.E. Linux 7.1
- Sun Solaris 7.0
- Sun Solaris 2.6
HP Webproxy A.02.10
+ HP HP-UX B.11.04
HP Webproxy A.02.00
+ HP HP-UX B.11.04
HP VirtualVault A.04.70
+ HP HP-UX B.11.04
HP VirtualVault A.04.60
+ HP HP-UX B.11.04
HP VirtualVault A.04.50
+ HP HP-UX B.11.04
Avaya Network Routing
Avaya Modular Messaging (MSS) 2.0
Avaya Modular Messaging (MSS) 1.1
Avaya MN100
Avaya Intuity LX
Avaya Communication Manager 2.0.1
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
+ Avaya Communication Manager Server S8700
Avaya Communication Manager 2.0
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
+ Avaya Communication Manager Server S8700
Avaya Communication Manager 1.3.1
+ Avaya Communication Manager Server DEFINITY Server R10
+ Avaya Communication Manager Server DEFINITY Server R10
+ Avaya Communication Manager Server DEFINITY Server R11
+ Avaya Communication Manager Server DEFINITY Server R9
+ Avaya Communication Manager Server DEFINITY Server R9
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
+ Avaya Communication Manager Server S8700
Avaya Communication Manager 1.1
+ Avaya Communication Manager Server DEFINITY Server R10
+ Avaya Communication Manager Server DEFINITY Server R10
+ Avaya Communication Manager Server DEFINITY Server R11
+ Avaya Communication Manager Server DEFINITY Server R9
+ Avaya Communication Manager Server DEFINITY Server R9
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
+ Avaya Communication Manager Server S8700
Apple mod_digest_apple
+ Apple Mac OS X 10.3.6
+ Apple Mac OS X 10.3.5
+ Apple Mac OS X 10.3.4
+ Apple Mac OS X 10.3.3
+ Apple Mac OS X 10.3.2
+ Apple Mac OS X 10.3.1
+ Apple Mac OS X 10.3
+ Apple Mac OS X 10.2.8
+ Apple Mac OS X 10.2.7
+ Apple Mac OS X 10.2.6
+ Apple Mac OS X 10.2.5
+ Apple Mac OS X 10.2.4
+ Apple Mac OS X 10.2.3
+ Apple Mac OS X 10.2.2
+ Apple Mac OS X 10.2.1
+ Apple Mac OS X 10.2
+ Apple Mac OS X Server 10.3.6
+ Apple Mac OS X Server 10.3.5
+ Apple Mac OS X Server 10.3.4
+ Apple Mac OS X Server 10.3.3
+ Apple Mac OS X Server 10.3.2
+ Apple Mac OS X Server 10.3.1
+ Apple Mac OS X Server 10.3
+ Apple Mac OS X Server 10.2.8
+ Apple Mac OS X Server 10.2.7
+ Apple Mac OS X Server 10.2.6
+ Apple Mac OS X Server 10.2.5
+ Apple Mac OS X Server 10.2.4
+ Apple Mac OS X Server 10.2.3
+ Apple Mac OS X Server 10.2.2
+ Apple Mac OS X Server 10.2.1
+ Apple Mac OS X Server 10.2
Apache Software Foundation Apache 1.3.29
+ Apple Mac OS X 10.3.5
+ Apple Mac OS X 10.2.7
+ Apple Mac OS X Server 10.3.5
+ Apple Mac OS X Server 10.2.7
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ OpenPKG OpenPKG 2.0
Apache Software Foundation Apache 1.3.28
+ Conectiva Linux 8.0
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ OpenBSD OpenBSD 3.4
+ OpenPKG OpenPKG 1.3
Apache Software Foundation Apache 1.3.27
+ HP HP-UX (VVOS) 11.0 4
+ HP VirtualVault 4.6
+ HP VirtualVault 4.5
+ HP Webproxy 2.0
+ Immunix Immunix OS 7+
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ OpenBSD OpenBSD 3.3
+ OpenPKG OpenPKG Current
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux Advanced Work Station 2.1
+ SGI IRIX 6.5.19
Apache Software Foundation Apache 1.3.26
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.0
+ OpenPKG OpenPKG 1.1
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
Apache Software Foundation Apache 1.3.25
Apache Software Foundation Apache 1.3.24
+ OpenBSD OpenBSD 3.1
+ Oracle Oracle HTTP Server 9.2 .0
+ Oracle Oracle HTTP Server 9.0.1
+ Oracle Oracle9i Application Server 9.0.2
+ Oracle Oracle9i Application Server 1.0.2 .2
+ Oracle Oracle9i Application Server 1.0.2 .1s
+ Oracle Oracle9i Application Server 1.0.2
+ Slackware Linux 8.1
+ Unisphere Networks SDX-300 2.0.3
Apache Software Foundation Apache 1.3.23
- IBM AIX 4.3
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
Apache Software Foundation Apache 1.3.22
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ OpenPKG OpenPKG 1.0
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
Apache Software Foundation Apache 1.3.20
- HP HP-UX 11.22
- HP HP-UX 11.20
+ MandrakeSoft Single Network Firewall 7.2
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3
+ SGI IRIX 6.5.18
+ SGI IRIX 6.5.17
+ SGI IRIX 6.5.16
+ SGI IRIX 6.5.15
+ SGI IRIX 6.5.14 m
+ SGI IRIX 6.5.14 f
+ SGI IRIX 6.5.14
+ SGI IRIX 6.5.13 m
+ SGI IRIX 6.5.13 f
+ SGI IRIX 6.5.13
+ SGI IRIX 6.5.12 m
+ SGI IRIX 6.5.12 f
+ SGI IRIX 6.5.12
+ Slackware Linux 8.0
+ Sun Cobalt Control Station 4100CS
+ Sun Cobalt RaQ 550
+ Sun Solaris 9_x86 Update 2
+ Sun Solaris 9_x86
+ Sun Solaris 9
+ Sun SunOS 5.9 _x86
+ Sun SunOS 5.9
Apache Software Foundation Apache 1.3.19
- Apple Mac OS X 10.0.3
- Caldera OpenLinux 2.4
+ Debian Linux 2.3
- Digital (Compaq) TRU64/DIGITAL UNIX 5.0
- Digital (Compaq) TRU64/DIGITAL UNIX 4.0 g
- Digital (Compaq) TRU64/DIGITAL UNIX 4.0 f
+ EnGarde Secure Linux 1.0.1
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 3.5.1
- HP HP-UX 11.11
- HP HP-UX 11.0 4
- HP HP-UX 11.0
- HP HP-UX 10.20
+ HP Secure OS software for Linux 1.0
- HP VirtualVault 4.5
+ Mandriva Linux Mandrake 8.1
- Mandriva Linux Mandrake 8.0
- Mandriva Linux Mandrake 7.2
- Mandriva Linux Mandrake 7.1
- NetBSD NetBSD 1.5.1
- NetBSD NetBSD 1.5
+ OpenBSD OpenBSD 2.9
- OpenBSD OpenBSD 2.8
+ OpenBSD OpenBSD 3.0
- Red Hat Linux 6.2
- RedHat Linux 7.1
- RedHat Linux 7.0
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 7.0
+ S.u.S.E. Linux 6.4 ppc
+ S.u.S.E. Linux 6.4 i386
+ S.u.S.E. Linux 6.4 alpha
+ S.u.S.E. Linux 6.4
- SCO eDesktop 2.4
- SCO eServer 2.3.1
- SGI IRIX 6.5.9
- SGI IRIX 6.5.8
- Sun Solaris 8_sparc
- Sun Solaris 7.0
Apache Software Foundation Apache 1.3.18
Apache Software Foundation Apache 1.3.17
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ OpenBSD OpenBSD 2.8
+ S.u.S.E. Linux 7.1
Apache Software Foundation Apache 1.3.14
+ EnGarde Secure Linux 1.0.1
- MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ SGI IRIX 6.5.11
+ SGI IRIX 6.5.10
+ SGI IRIX 6.5.9
+ SGI IRIX 6.5.8
+ SGI IRIX 6.5.7
+ SGI IRIX 6.5.6
+ SGI IRIX 6.5.5
+ SGI IRIX 6.5.4
+ SGI IRIX 6.5.3
+ SGI IRIX 6.5.2
+ SGI IRIX 6.5.1
+ SGI IRIX 6.5
Apache Software Foundation Apache 1.3.12
+ NetScreen NetScreen-Global PRO Express Policy Manager Server
+ NetScreen NetScreen-Global PRO Policy Manager Server
+ OpenBSD OpenBSD 2.8
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0
+ Sun Cobalt ManageRaQ v2 3599BD
+ Sun Cobalt Qube3 4000WG
+ Sun Cobalt RaQ XTR 3500R
+ Sun Cobalt RaQ4 3001R
Apache Software Foundation Apache 1.3.11
Apache Software Foundation Apache 1.3.9
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ NetScreen NetScreen-Global PRO Express Policy Manager Server
+ NetScreen NetScreen-Global PRO Policy Manager Server
+ Sun Solaris 8_x86
+ Sun Solaris 8_sparc
+ Sun SunOS 5.8 _x86
+ Sun SunOS 5.8
Apache Software Foundation Apache 1.3.7 -dev
Apache Software Foundation Apache 1.3.6
+ Sun Cobalt ManageRaQ3 3000R-mr
+ Sun Cobalt RaQ3 3000R
+ Sun Cobalt Velociraptor
Apache Software Foundation Apache 1.3.4
+ BSDI BSD/OS 4.0
Apache Software Foundation Apache 1.3.3
+ RedHat Linux 5.2 sparc
+ RedHat Linux 5.2 i386
+ RedHat Linux 5.2 alpha
Apache Software Foundation Apache 1.3.1
Apache Software Foundation Apache 1.3
+ Apple Mac OS X 10.3.2
+ Apple Mac OS X 10.3.1
+ Apple Mac OS X 10.3
+ Apple Mac OS X 10.2.8
+ Apple Mac OS X 10.2.7
+ Apple Mac OS X 10.2.6
+ Apple Mac OS X 10.2.5
+ Apple Mac OS X 10.2.4
+ Apple Mac OS X 10.2.3
+ Apple Mac OS X 10.2.2
+ Apple Mac OS X 10.2.1
+ Apple Mac OS X 10.2
+ Apple Mac OS X 10.1.5
+ Apple Mac OS X 10.1.4
+ Apple Mac OS X 10.1.3
+ Apple Mac OS X 10.1.2
+ Apple Mac OS X 10.1.1
+ Apple Mac OS X 10.1
+ Apple Mac OS X Server 10.3.2
+ Apple Mac OS X Server 10.3.1
+ Apple Mac OS X Server 10.3
+ Apple Mac OS X Server 10.2.8
+ Apple Mac OS X Server 10.2.7
+ Apple Mac OS X Server 10.2.6
+ Apple Mac OS X Server 10.2.5
+ Apple Mac OS X Server 10.2.4
+ Apple Mac OS X Server 10.2.3
+ Apple Mac OS X Server 10.2.2
+ Apple Mac OS X Server 10.2.1
+ Apple Mac OS X Server 10.2
+ Apple Mac OS X Server 10.1.5
+ Apple Mac OS X Server 10.1.4
+ Apple Mac OS X Server 10.1.3
+ Apple Mac OS X Server 10.1.2
+ Apple Mac OS X Server 10.1.1
+ Apple Mac OS X Server 10.1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0
Posadis Posadis 1.3.31
Apache Software Foundation Apache 1.3.31
+ OpenPKG OpenPKG Current

- 不受影响的程序版本

Posadis Posadis 1.3.31
Apache Software Foundation Apache 1.3.31
+ OpenPKG OpenPKG Current

- 漏洞讨论

Patches have been released for the Apache mod_digest module to include digest replay protection. The module reportedly did not adequately verify client-supplied nonces against the server issued nonce. This could permit a remote attacker to replay the response of another website or section of the same website under some circumstances.

It should be noted that this issue does not exist in mod_auth_digest module.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 解决方案

The following referenced patch will be included in the upcoming release of Apache 1.3.30:

http://www.mail-archive.com/dev@httpd.apache.org/msg19007.html

This fix is also reportedly available through CVS.

Avaya has released an advisory (ASA-2005-010_RHSA-2004-600) that acknowledges this vulnerability for Avaya products. Please see the referenced Avaya advisory for further details.

SCO has released an advisory (SCOSA-2004.14) to address this issue for OpenServer 5.0.6 and 5.0.7. Please see the referenced advisory for further information regarding obtaining fixes for affected operating systems.

Sun has released an alert (Alert ID: 57628) that includes workarounds and preliminary T-Patches to address this and other issues in Apache. Customers are advised to read the referenced advisory for further information pertaining to obtaining and applying appropriate workarounds and T-Patches.

OpenPKG has released an advisory OpenPKG-SA-2004.021 to address this and other issues in Apache. Please see the referenced advisory for more information.

Slackware has released an advisory SSA:2004-133-01 to address this and other issues in Apache. Please see the referenced advisory for more information.

Trustix has released an advisory TSLSA-2004-0027 to address this and other issues in Apache. Please see the referenced advisory for more information.

Mandrake has issued advisory MDKSA-2004:046 and fixes. See advisory in the reference section for more information.

Mandrake has issued a revised advisory and fixes. See advisory MDKSA-2004:046-1 in the reference section for more information.

Turbolinux has issued advisory TLSA-2004-17 and fixes. See advisory in the reference section for more information.

OpenBSD has released patches for OpenBSD 3.4 and 3.5. Please see the patch files for instructions on applying and rebuilding the affected binaries. New snapshots and OpenBSD-current as of 12 June 2004 contain the fixes as well.

Apache Server version 1.3.31 has been released to address this and other issues.

HP has released an advisory (HPSBUX01069) to address this and other issues. Please see the referenced advisory for more information.

Sun has released an alert (Alert ID: 57628) containing preliminary T-patches to address this and other issues in Apache. Please see the advisory in web references for more information.

Sun has released an update to Sun Alert ID: 57628. Patches for Solaris 9.0 have been made available. Patches for Solaris 8.0 are still pending.

Sun has released an update to Sun Alert ID: 57628. T-Patches (T116973-01, T116974-01) are available through normal support channels for Solaris 8 SPARC platform and Solaris 8 x86 platform. Please see the referenced Sun alert for more information.

Apple has released an advisory (APPLE-SA-2004-12-02) dealing with this and other issues. This security update resolves this issue by installing Apache version 1.3.33, which has been fixed against this issue. Furthermore Apple has announced that this issue also affects its mod_digest_apple. The affected module is patched with the associated security update as well. Please see the referenced advisory for more information.

Red Hat has released advisory RHSA-2004:600-12 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.

Red Hat has released advisory RHSA-2005:816-10 to address this issue for Red Hat Stronghold for Enterprise Linux. Please see the referenced advisory for further information on obtaining fixes.


OpenBSD OpenBSD 3.5

Apple mod_digest_apple

OpenBSD OpenBSD 3.4

Sun Solaris 9

Sun Solaris 9_x86

Apache Software Foundation Apache 1.3

Apache Software Foundation Apache 1.3.1

Apache Software Foundation Apache 1.3.11

Apache Software Foundation Apache 1.3.12

Apache Software Foundation Apache 1.3.14

Apache Software Foundation Apache 1.3.17

Apache Software Foundation Apache 1.3.18

Apache Software Foundation Apache 1.3.19

Apache Software Foundation Apache 1.3.20

Apache Software Foundation Apache 1.3.22

Apache Software Foundation Apache 1.3.23

Apache Software Foundation Apache 1.3.24

Apache Software Foundation Apache 1.3.25

Apache Software Foundation Apache 1.3.26

Apache Software Foundation Apache 1.3.27

Apache Software Foundation Apache 1.3.28

Apache Software Foundation Apache 1.3.29

Apache Software Foundation Apache 1.3.3

Apache Software Foundation Apache 1.3.4

Apache Software Foundation Apache 1.3.6

Apache Software Foundation Apache 1.3.7 -dev

Apache Software Foundation Apache 1.3.9

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站