CVE-2004-0809
CVSS 5.0
Published: 2004-09-16 00:00:00
Last revised: 2010-08-21 00:21:19

[Original] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.


[CNNVD] Apache Mod_DAV LOCK Remote Denial of Service Vulnerability (CNNVD-200409-043)

        
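        Apache HTTP Server is a popular open-source web server that runs on Unix and Windows operating systems.
        The 'mod_dav' module of Apache Web Server has a flaw in its handling of LOCK commands; a remote attacker can exploit this vulnerability to cause a denial of service against the server.
        When Apache is configured to use the 'mod_dav' module, receiving a particular sequence of LOCK commands from an authenticated user causes the Apache process to crash. If Apache is configured to use the threaded process model, an attacker can crash Apache completely; if it is configured to use multiple processes, an attacker can crash individual web server processes.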
        

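- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: PARTIAL [may cause reduced performance or interruptions in resource availability]
Attack complexity: LOW [no access restrictions on exploiting the vulnerability]
Attack vector: [--]
Authentication: NONE [no authentication required to exploit the vulnerability]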

- CPE (Affected platforms and products)

cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64
cpe:/a:hp:secure_web_server_for_tru64:5.9.1  HP Tru64 UNIX Compaq Secure Web Server 5.9.1
cpe:/a:hp:secure_web_server_for_tru64:5.1_a
cpe:/o:hp:hp-ux:11.00  HP-UX 11.00
cpe:/o:turbolinux:turbolinux_server:10.0
cpe:/o:redhat:enterprise_linux:3.0::advanced_server
cpe:/o:redhat:enterprise_linux:3.0::workstation_server
cpe:/a:hp:secure_web_server_for_tru64:5.8.2  HP Tru64 UNIX Compaq Secure Web Server 5.8.2
cpe:/o:redhat:enterprise_linux:3.0::enterprise_server
cpe:/a:hp:secure_web_server_for_tru64:5.0_a
cpe:/o:turbolinux:turbolinux_home
cpe:/o:conectiva:linux:10.0  Conectiva Linux 10.0
cpe:/a:hp:secure_web_server_for_tru64:6.3.0  HP Tru64 UNIX Compaq Secure Web Server 6.3
cpe:/a:hp:secure_web_server_for_tru64:5.8.1  HP Tru64 UNIX Compaq Secure Web Server 5.8.1
cpe:/a:hp:secure_web_server_for_tru64:5.1
cpe:/a:apache:http_server:2.0.47  Apache Software Foundation Apache HTTP Server 2.0.47
cpe:/o:hp:hp-ux:11.23::ia64_64-bit
cpe:/o:trustix:secure_linux:2.0  Trustix Secure Linux 2.0
cpe:/o:trustix:secure_linux:2.1  Trustix Secure Linux 2.1
cpe:/a:hp:secure_web_server_for_tru64:5.9.2  HP Tru64 UNIX Compaq Secure Web Server 5.9.2
cpe:/o:hp:hp-ux:11.11  HP-UX 11.11
cpe:/o:conectiva:linux:9.0  Conectiva Linux 9.0
cpe:/o:mandrakesoft:mandrake_linux:9.2::amd64
cpe:/a:hp:secure_web_server_for_tru64:4.0_g
cpe:/o:mandrakesoft:mandrake_linux:9.2  MandrakeSoft Mandrake Linux 9.2
cpe:/a:hp:secure_web_server_for_tru64:4.0_f
cpe:/o:turbolinux:turbolinux_desktop:10.0
cpe:/o:redhat:enterprise_linux_desktop:3.0  Red Hat Desktop 3.0
cpe:/a:apache:http_server:2.0.50  Apache Software Foundation Apache HTTP Server 2.0.50
cpe:/o:hp:hp-ux:11.22  HP-UX 11i v1.6
cpe:/o:mandrakesoft:mandrake_linux:10.0  MandrakeSoft Mandrake Linux 10.0
cpe:/o:gentoo:linux:1.4  Gentoo Linux 1.4

- OVAL (Technical details for detection)

oval:org.mitre.oval:def:9588  The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain seq...
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definition.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0809
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0809
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200409-043
(Official data source) CNNVD

- Other links and resources

http://xforce.iss.net/xforce/xfdb/17366
(VENDOR_ADVISORY)  XF  apache-moddav-lock-dos(17366)
http://www.trustix.org/errata/2004/0047/
(VENDOR_ADVISORY)  TRUSTIX  2004-0047
http://www.gentoo.org/security/en/glsa/glsa-200409-21.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200409-21
http://www.debian.org/security/2004/dsa-558
(VENDOR_ADVISORY)  DEBIAN  DSA-558
http://www.redhat.com/support/errata/RHSA-2004-463.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2004:463
http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/dav/fs/lock.c?r1=1.32&r2=1.33
(UNKNOWN)  CONFIRM  http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/dav/fs/lock.c?r1=1.32&r2=1.33

- Vulnerability information

Apache Mod_DAV LOCK Remote Denial of Service Vulnerability
Medium risk  Other
2004-09-16 00:00:00 2005-10-20 00:00:00
Remote
        
        

- Advisories and patches

        Vendor patches:
        RedHat
        ------
        RedHat has released a security advisory (RHSA-2004:463-01) and corresponding patches for this issue:
        RHSA-2004:463-01: Updated httpd packages fix security issues
        Link:
        http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-2004.1390.1

        Patch downloads:
        Red Hat Enterprise Linux AS version 3:
        SRPMS:
        ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/httpd-2.0.46-40.ent.src.rpm
        Red Hat Desktop version 3:
        SRPMS:
        ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/httpd-2.0.46-40.ent.src.rpm
        Red Hat Enterprise Linux ES version 3:
        SRPMS:
        ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/httpd-2.0.46-40.ent.src.rpm
        Red Hat Enterprise Linux WS version 3:
        SRPMS:
        ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/httpd-2.0.46-40.ent.src.rpm
        Apache Software Foundation
        --------------------------
        The vendor has released an upgrade that fixes this security issue; download it from the vendor's site:
        Apache Software Foundation Apache 2.0.50:
         Apache Software Foundation Upgrade httpd-2.0.51.tar.gz
        
        http://www.apache.org/dist/httpd/httpd-2.0.51.tar.gz

        Gentoo
        ------
        Gentoo has released a security advisory (GLSA-200409-21) and corresponding patches for this issue:
        GLSA-200409-21: Apache 2, mod_dav: Multiple vulnerabilities
        Link:
        http://security.gentoo.org/glsa/glsa-200409-21.xml

         emerge sync
         emerge -pv ">=net-www/apache-2.0.51"
         emerge ">=net-www/apache-2.0.51"
         emerge -pv ">=net-www/mod_dav-1.0.3-r2"
         emerge ">=net-www/mod_dav-1.0.3-r2"

- Vulnerability information

9948
mod_dav for Apache HTTP Server LOCK Request DoS
Remote / Network Access Denial of Service
Loss of Availability
Exploit Unknown

- Vulnerability description

Apache mod_dav contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends a particular sequence of LOCK requests and will result in loss of availability for the httpd child process.

- Timeline

2004-09-14 Unknown
Unknown Unknown

- Solution

Upgrade to version 2.0.51-dev or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

- Vulnerability information

Apache Mod_DAV LOCK Denial Of Service Vulnerability
Failure to Handle Exceptional Conditions 11185
Yes No
2004-09-15 12:00:00 2009-07-12 07:06:00
Julian Reschke <julian.reschke@gmx.de> reported this vulnerability to the vendor.

- Affected software versions

Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Desktop 10.0
Turbolinux Home
Trustix Secure Linux 2.1
Trustix Secure Linux 2.0
Trustix Secure Enterprise Linux 2.0
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux ES 3
RedHat Desktop 3.0
Red Hat Enterprise Linux AS 3
IBM HTTP Server 2.0.47 .1
IBM HTTP Server 2.0.47
IBM HTTP Server 2.0.42 .2
IBM HTTP Server 2.0.42 .1
IBM HTTP Server 2.0.42
HP HP-UX B.11.23
HP HP-UX B.11.22
HP HP-UX B.11.11
HP HP-UX B.11.00
Gentoo Linux 1.4
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Conectiva Linux 10.0
Conectiva Linux 9.0
Apache Software Foundation Apache 2.0.50
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
Apache Software Foundation Apache 2.0.49
+ S.u.S.E. Linux Personal 9.1
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Apache Software Foundation Apache 2.0.48
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 8.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Apache Software Foundation Apache 2.0.47
+ Apple Mac OS X Server 10.3.5
+ Apple Mac OS X Server 10.3.4
+ Apple Mac OS X Server 10.3.3
+ Apple Mac OS X Server 10.3.2
+ Apple Mac OS X Server 10.3.1
+ Apple Mac OS X Server 10.3
+ Apple Mac OS X Server 10.2.8
+ Apple Mac OS X Server 10.2.7
+ Apple Mac OS X Server 10.2.6
+ Apple Mac OS X Server 10.2.5
+ Apple Mac OS X Server 10.2.4
+ Apple Mac OS X Server 10.2.3
+ Apple Mac OS X Server 10.2.2
+ Apple Mac OS X Server 10.2.1
+ Apple Mac OS X Server 10.2
+ Apple Mac OS X Server 10.1.5
+ Apple Mac OS X Server 10.1.4
+ Apple Mac OS X Server 10.1.3
+ Apple Mac OS X Server 10.1.2
+ Apple Mac OS X Server 10.1.1
+ Apple Mac OS X Server 10.1
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
Apache Software Foundation Apache 2.0.46
+ Red Hat Enterprise Linux AS 3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
+ Trustix Secure Linux 2.0
Apache Software Foundation Apache 2.0.45
- Apple Mac OS X 10.2.6
- Apple Mac OS X 10.2.5
- Apple Mac OS X 10.2.4
- Apple Mac OS X 10.2.3
- Apple Mac OS X 10.2.2
- Apple Mac OS X 10.2.1
- Apple Mac OS X 10.2
- Apple Mac OS X 10.1.5
- Apple Mac OS X 10.1.4
- Apple Mac OS X 10.1.3
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0
+ Conectiva Linux 9.0
Apache Software Foundation Apache 2.0.44
Apache Software Foundation Apache 2.0.43
Apache Software Foundation Apache 2.0.42
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
Apache Software Foundation Apache 2.0.41
Apache Software Foundation Apache 2.0.40
+ RedHat Linux 9.0 i386
+ RedHat Linux 8.0
+ Terra Soft Solutions Yellow Dog Linux 3.0
Apache Software Foundation Apache 2.0.39
Apache Software Foundation Apache 2.0.38
Apache Software Foundation Apache 2.0.37
Apache Software Foundation Apache 2.0.36
Apache Software Foundation Apache 2.0.35
Apache Software Foundation Apache 2.0.32
Apache Software Foundation Apache 2.0.28 Beta
Apache Software Foundation Apache 2.0.28
Apache Software Foundation Apache 2.0 a9
Apache Software Foundation Apache 2.0
Apache Software Foundation Apache 2.0.51
+ Red Hat Fedora Core2
+ Red Hat Fedora Core1

- Unaffected software versions

Apache Software Foundation Apache 2.0.51
+ Red Hat Fedora Core2
+ Red Hat Fedora Core1

- Vulnerability discussion

Apache's 'mod_dav' module is reported susceptible to a denial of service vulnerability.

This vulnerability presents itself when Apache is configured to use the 'mod_dav' module, and it receives a specific sequence of LOCK commands from an authorized user.

This vulnerability can be exploited by remote attackers to crash Apache processes. If Apache is configured to use the threaded process model, an attacker could completely crash Apache. If Apache is configured to use multiple processes as opposed to threads, an attacker could crash individual web server processes. With a sustained attack, they could crash multiple server processes, and still likely deny service to legitimate users.

All versions of Apache 2.0 prior to 2.0.51 are reported vulnerable.

- Exploit

An exploit is not required. The reporter of this issue provided an example sequence of DAV commands sufficient to exploit this vulnerability:

MKCOL x
PUT x/y
LOCK x
LOCK x/y

- Solution

Turbolinux has released advisory TLSA-2005-01-13 along with fixes dealing with this and other issues. Please see the referenced advisory for more information.

Debian has released advisory DSA 558-1 along with fixes to address this issue for Debian systems. Please see the referenced advisory for further information.

RedHat has released advisory RHSA-2004:463-09 along with fixes to address these issues for RedHat Enterprise Linux operating systems. Please see the referenced advisory for further information.

Trustix Secure Linux has released an advisory (TSLSA-2004-0047) along with fixes dealing with this, and other issues. Please see the referenced advisory for further information.

Gentoo Linux has released advisory GLSA 200409-21 to address this, and other issues. Please see the referenced advisory for further information. Users of affected packages are urged to execute the following with superuser privileges:
emerge sync
emerge -pv ">=net-www/apache-2.0.51"
emerge ">=net-www/apache-2.0.51"
emerge -pv ">=net-www/mod_dav-1.0.3-r2"
emerge ">=net-www/mod_dav-1.0.3-r2"

Conectiva Linux has released advisory CLA-2004:868 along with fixes to address this, and other issues. Please see the referenced advisory for further information.

Red Hat Fedora has released an advisory (FEDORA-2004-313) along with fixes dealing with this and other issues. Please see the referenced advisory for more information.

The vendor has released version 2.0.51 to address this, and other issues:

HP has released an advisory (HPSBUX01090) to address various issues affecting HP-UX running Apache and PHP. Please see the referenced advisory for more information.

IBM has released an advisory dealing with this issue for the HTTP Server based on Apache. Please see the referenced advisory for more information.

