CVE-2004-0786
CVSS 5.0
Published: 2004-10-20 00:00:00
Last modified: 2011-03-07 21:16:16

[Original] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.


[CNNVD] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability (CNNVD-200410-075)

        
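        Apache is an open-source web server.
        Apache Web Server has a flaw in its handling of IPv6 traffic that a remote attacker can exploit to mount a buffer overflow attack against the server.
        The IPv6 URI parsing functions in Apache's apr-util library contain an input validation error: the string length parameter is handled incorrectly when calling libc memory copy functions, which can trigger a buffer overflow. Carefully crafted input can execute arbitrary commands on BSD-based UNIX systems.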
        

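- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: PARTIAL [may cause reduced performance or interruptions in resource access]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]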

- CPE (affected platforms and products)

cpe:/a:apache:http_server:2.0.47  Apache Software Foundation Apache HTTP Server 2.0.47
cpe:/a:apache:http_server:2.0.49  Apache Software Foundation Apache HTTP Server 2.0.49
cpe:/a:apache:http_server:2.0.28  Apache Software Foundation Apache HTTP Server 2.0.28
cpe:/a:apache:http_server:2.0.48  Apache Software Foundation Apache HTTP Server 2.0.48
cpe:/a:apache:http_server:2.0.41  Apache Software Foundation Apache HTTP Server 2.0.41
cpe:/a:apache:http_server:2.0.36  Apache Software Foundation Apache HTTP Server 2.0.36
cpe:/a:apache:http_server:2.0.40  Apache Software Foundation Apache HTTP Server 2.0.40
cpe:/a:apache:http_server:2.0.37  Apache Software Foundation Apache HTTP Server 2.0.37
cpe:/a:apache:http_server:2.0.42  Apache Software Foundation Apache HTTP Server 2.0.42
cpe:/a:apache:http_server:2.0.35  Apache Software Foundation Apache HTTP Server 2.0.35
cpe:/a:apache:http_server:2.0.45  Apache Software Foundation Apache HTTP Server 2.0.45
cpe:/a:apache:http_server:2.0.50  Apache Software Foundation Apache HTTP Server 2.0.50
cpe:/a:apache:http_server:2.0.43  Apache Software Foundation Apache HTTP Server 2.0.43
cpe:/a:apache:http_server:2.0.39  Apache Software Foundation Apache HTTP Server 2.0.39
cpe:/a:apache:http_server:2.0.44  Apache Software Foundation Apache HTTP Server 2.0.44
cpe:/a:apache:http_server:2.0.46  Apache Software Foundation Apache HTTP Server 2.0.46
cpe:/a:apache:http_server:2.0.32  Apache Software Foundation Apache HTTP Server 2.0.32
cpe:/a:apache:http_server:2.0  Apache Software Foundation Apache HTTP Server 2.0
cpe:/a:apache:http_server:2.0.38  Apache Software Foundation Apache HTTP Server 2.0.38

- OVAL (technical details for detection)

oval:org.mitre.oval:def:11380  The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (chi...
*OVAL describes in detail how to detect this vulnerability; further technical details on detecting it can be found in the related OVAL definition.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0786
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0786
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200410-075
(Official data source) CNNVD

- Other links and resources

http://www.redhat.com/support/errata/RHSA-2004-463.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2004:463
http://xforce.iss.net/xforce/xfdb/17382
(UNKNOWN)  XF  apache-ipv6-aprutil-dos(17382)
http://www.trustix.org/errata/2004/0047/
(UNKNOWN)  TRUSTIX  2004-0047
http://www.novell.com/linux/security/advisories/2004_32_apache2.html
(UNKNOWN)  SUSE  SUSE-SA:2004:032
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:096
(UNKNOWN)  MANDRAKE  MDKSA-2004:096
http://www.gentoo.org/security/en/glsa/glsa-200409-21.xml
(UNKNOWN)  GENTOO  GLSA-200409-21
http://secunia.com/advisories/12540
(UNKNOWN)  SECUNIA  12540

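- Vulnerability information

Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
Medium risk  Boundary condition error
2004-10-20 00:00:00 2005-10-20 00:00:00
Remote
        
        Apache is an open-source web server.
        Apache Web Server has a flaw in its handling of IPv6 traffic that a remote attacker can exploit to mount a buffer overflow attack against the server.
        The IPv6 URI parsing functions in Apache's apr-util library contain an input validation error: the string length parameter is handled incorrectly when calling libc memory copy functions, which can trigger a buffer overflow. Carefully crafted input can execute arbitrary commands on BSD-based UNIX systems.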
        

- Advisories and patches

        Vendor patches:
        MandrakeSoft
        ------------
        MandrakeSoft has released a security advisory (MDKSA-2004:096) and corresponding patches for this issue:
        MDKSA-2004:096: Updated apache2 packages fix multiple vulnerabilities
        Link:
        http://www.linux-mandrake.com/en/security/2004/2004-096.php

        Patch downloads:
        Updated Packages:
        Mandrakelinux 10.0:
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-2.0.48-6.6.100mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-common-2.0.48-6.6.100mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-devel-2.0.48-6.6.100mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-manual-2.0.48-6.6.100mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-mod_cache-2.0.48-6.6.100mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-mod_dav-2.0.48-6.6.100mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-mod_deflate-2.0.48-6.6.100mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-mod_disk_cache-2.0.48-6.6.100mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-mod_file_cache-2.0.48-6.6.100mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-mod_ldap-2.0.48-6.6.100mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-mod_mem_cache-2.0.48-6.6.100mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-mod_proxy-2.0.48-6.6.100mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-mod_ssl-2.0.48-6.6.100mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-modules-2.0.48-6.6.100mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-source-2.0.48-6.6.100mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/libapr0-2.0.48-6.6.100mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/SRPMS/apache2-2.0.48-6.6.100mdk.src.rpm
        Mandrakelinux 10.0/AMD64:
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/apache2-2.0.48-6.6.100mdk.amd64.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/apache2-common-2.0.48-6.6.100mdk.amd64.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/apache2-devel-2.0.48-6.6.100mdk.amd64.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/apache2-manual-2.0.48-6.6.100mdk.amd64.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/apache2-mod_cache-2.0.48-6.6.100mdk.amd64.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/apache2-mod_dav-2.0.48-6.6.100mdk.amd64.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/apache2-mod_deflate-2.0.48-6.6.100mdk.amd64.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/apache2-mod_disk_cache-2.0.48-6.6.100mdk.amd64.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/apache2-mod_file_cache-2.0.48-6.6.100mdk.amd64.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/apache2-mod_ldap-2.0.48-6.6.100mdk.amd64.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/apache2-mod_mem_cache-2.0.48-6.6.100mdk.amd64.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/apache2-mod_proxy-2.0.48-6.6.100mdk.amd64.rpm
        ft

- Vulnerability information (F34368)

NISCC Security Advisory 403518 (PacketStormID:F34368)
2004-09-15 00:00:00
CPNI  uniras.gov.uk
advisory,web,overflow,arbitrary,vulnerability,code execution
CVE-2004-0786,CVE-2004-0747

NISCC Vulnerability Advisory 403518/NISCC/APACHE - Two new vulnerabilities have been discovered in Apache. Through the testing of Apache by using the Codenomicon HTTP Test Tool, the ASF Security Team has discovered a bug in the apr-util library, which can lead to arbitrary code execution. SITIC have discovered that Apache suffers from a buffer overflow when expanding environment variables in configuration files such as .htaccess and httpd.conf, leading to possible privilege escalation. These vulnerabilities affect versions 2.0.35 through 2.0.50.

- Vulnerability information

9994
Apache HTTP Server apr-util IPV6 Parsing DoS
Remote / Network Access Denial of Service
Loss of Availability
Exploit Unknown

- Vulnerability description

The IPv6 URI parsing routines in the apr-util library for Apache HTTP Server and IBM HTTP Server contain a flaw that may allow a remote denial of service. With a specially crafted URI request, a remote attacker could cause an httpd child process to crash, resulting in a loss of availability for the service.

- Timeline

2004-09-15 Unknown
Unknown Unknown

- Solution

Upgrade to version 2.0.51 or higher or apply the patch from IBM, as it has been reported to fix this vulnerability.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
Boundary Condition Error 11187
Yes No
2004-09-15 12:00:00 2009-07-12 07:06:00
Discovery of this issue is credited to the Red Hat ASF Security-Team.

- Affected software versions

Turbolinux Turbolinux Desktop 10.0
Trustix Secure Linux 2.1
Trustix Secure Linux 2.0
Trustix Secure Enterprise Linux 2.0
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux ES 3
RedHat Desktop 3.0
Red Hat Fedora Core2
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 3
Mandriva Linux Mandrake 10.0 AMD64
Mandriva Linux Mandrake 10.0
Mandriva Linux Mandrake 9.2 amd64
Mandriva Linux Mandrake 9.2
IBM HTTP Server 2.0.47 .1
IBM HTTP Server 2.0.47
IBM HTTP Server 2.0.42 .2
HP Tru64 UNIX Compaq Secure Web Server 6.3
HP Tru64 UNIX Compaq Secure Web Server 5.9.2
HP Tru64 UNIX Compaq Secure Web Server 5.9.1
HP Tru64 UNIX Compaq Secure Web Server 5.8.2
HP Tru64 UNIX Compaq Secure Web Server 5.8.1
HP Tru64 UNIX Compaq Secure Web Server 5.1 A
HP Tru64 UNIX Compaq Secure Web Server 5.1
HP Tru64 UNIX Compaq Secure Web Server 5.0 A
HP Tru64 UNIX Compaq Secure Web Server 4.0 G
HP Tru64 UNIX Compaq Secure Web Server 4.0 F
HP HP-UX B.11.23
HP HP-UX B.11.22
HP HP-UX B.11.11
HP HP-UX B.11.00
Gentoo Linux 1.4
Conectiva Linux 10.0
Conectiva Linux 9.0
Apache Software Foundation Apache 2.0.50
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
Apache Software Foundation Apache 2.0.49
+ S.u.S.E. Linux Personal 9.1
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Apache Software Foundation Apache 2.0.48
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 8.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Apache Software Foundation Apache 2.0.47
+ Apple Mac OS X Server 10.3.5
+ Apple Mac OS X Server 10.3.4
+ Apple Mac OS X Server 10.3.3
+ Apple Mac OS X Server 10.3.2
+ Apple Mac OS X Server 10.3.1
+ Apple Mac OS X Server 10.3
+ Apple Mac OS X Server 10.2.8
+ Apple Mac OS X Server 10.2.7
+ Apple Mac OS X Server 10.2.6
+ Apple Mac OS X Server 10.2.5
+ Apple Mac OS X Server 10.2.4
+ Apple Mac OS X Server 10.2.3
+ Apple Mac OS X Server 10.2.2
+ Apple Mac OS X Server 10.2.1
+ Apple Mac OS X Server 10.2
+ Apple Mac OS X Server 10.1.5
+ Apple Mac OS X Server 10.1.4
+ Apple Mac OS X Server 10.1.3
+ Apple Mac OS X Server 10.1.2
+ Apple Mac OS X Server 10.1.1
+ Apple Mac OS X Server 10.1
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
Apache Software Foundation Apache 2.0.46
+ Red Hat Enterprise Linux AS 3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
+ Trustix Secure Linux 2.0
Apache Software Foundation Apache 2.0.45
- Apple Mac OS X 10.2.6
- Apple Mac OS X 10.2.5
- Apple Mac OS X 10.2.4
- Apple Mac OS X 10.2.3
- Apple Mac OS X 10.2.2
- Apple Mac OS X 10.2.1
- Apple Mac OS X 10.2
- Apple Mac OS X 10.1.5
- Apple Mac OS X 10.1.4
- Apple Mac OS X 10.1.3
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0
+ Conectiva Linux 9.0
Apache Software Foundation Apache 2.0.44
Apache Software Foundation Apache 2.0.43
Apache Software Foundation Apache 2.0.42
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
Apache Software Foundation Apache 2.0.41
Apache Software Foundation Apache 2.0.40
+ RedHat Linux 9.0 i386
+ RedHat Linux 8.0
+ Terra Soft Solutions Yellow Dog Linux 3.0
Apache Software Foundation Apache 2.0.39
Apache Software Foundation Apache 2.0.38
Apache Software Foundation Apache 2.0.37
Apache Software Foundation Apache 2.0.36
Apache Software Foundation Apache 2.0.35
Apache Software Foundation Apache 2.0.32
Apache Software Foundation Apache 2.0.28
Apache Software Foundation Apache 2.0

- Unaffected software versions

HP Tru64 UNIX Compaq Secure Web Server 6.3.2 a
Apache Software Foundation Apache 2.0.51
+ Red Hat Fedora Core2
+ Red Hat Fedora Core1

- Vulnerability discussion

Apache Web Server is reportedly affected by a remote buffer overflow vulnerability. This issue is due to a buffer boundary condition error that fails to provide a valid string length parameter while using libc memory copy functions.

It has been reported that this issue can be exploited to execute arbitrary code on computers running BSD based Unix variants. This issue is reportedly due to the implementation of the 'memcpy()' function.

On Linux based Unix variants this issue can only be exploited to trigger a denial of service condition.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

The vendor has released an upgrade along with a patch dealing with this issue.

HP has released an advisory (HPSBGN01091) and an update to fix this vulnerability and other vulnerabilities in Secure Web Server for Tru64 UNIX; the Secure Web Server product is based on Apache.

SuSE Linux has made an advisory (SUSE-SA:2004:032) available, along with fixes dealing with this and other issues. Please see the referenced advisory for more information.

RedHat has made an advisory (RHSA-2004:463-09) available, along with fixes dealing with this and other issues. Please see the referenced advisory for further information.

Turbolinux has made an advisory (TLSA-2004-28) available, along with fixes dealing with this and other issues. Please see the referenced advisory for further information.

Mandrake Linux has released an advisory (MDKSA-2004:096) along with fixes dealing with this issue. Please see the referenced advisory for more information.

Trustix Secure Linux has released an advisory (TSLSA-2004-0047) along with fixes dealing with this, and other issues. Please see the referenced advisory for further information.

RedHat Linux has released advisories (FEDORA-2004-307, FEDORA-2004-307) along with fixes for Fedora Core 1 and Fedora Core 2 operating systems. Please see the referenced advisories for further information.

Gentoo Linux has released advisory GLSA 200409-21 to address this, and other issues. Please see the referenced advisory for further information. Users of affected packages are urged to execute the following with superuser privileges:
emerge sync
emerge -pv ">=net-www/apache-2.0.51"
emerge ">=net-www/apache-2.0.51"
emerge -pv ">=net-www/mod_dav-1.0.3-r2"
emerge ">=net-www/mod_dav-1.0.3-r2"

Conectiva Linux has released advisory CLA-2004:868 along with fixes to address this, and other issues. Please see the referenced advisory for further information.

IBM has released a fix (PQ94086) to address this and another issue in IBM HTTP Server. Please see the IBM advisory in Web references for more information.

HP has released an advisory (HPSBUX01090) to address various issues affecting HP-UX running Apache and PHP. Please see the referenced advisory for more information.

Apple has released an advisory (APPLE-SA-2004-12-02) dealing with this and other issues. Please see the referenced advisory for more information.



- Related references

 

 
