CVE-2004-2680
CVSS5.0
发布时间 :2004-12-31 00:00:00
修订时间 :2011-03-07 21:19:16
NMCOPS    

[原文]mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.


[CNNVD]Apache mod_python输出滤波器模式信息泄露漏洞(CNNVD-200412-1012)

        输出滤波器处理超过16384个字节时,mod_python (libapache2-mod-python) 3.1.4及其以前版本不能正确处理,该漏洞可导致filter.read回到先前释放的内存部分。
        

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: NETWORK [攻击者不需要获取内网访问权或本地访问权]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2680
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2680
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-1012
(官方数据源) CNNVD

- 其它链接及资源

https://launchpad.net/bugs/89308
(PATCH)  CONFIRM  https://launchpad.net/bugs/89308
http://www.vupen.com/english/advisories/2007/0846
(UNKNOWN)  VUPEN  ADV-2007-0846
http://mail-archives.apache.org/mod_mbox/httpd-python-dev/200404.mbox/%3cEB279100-9000-11D8-8B4E-000A95B0D772@pixar.com%3e
(UNKNOWN)  MLIST  [httpd-python-dev] 20040416 patch for filterobject.c
http://mail-archives.apache.org/mod_mbox/httpd-python-dev/200404.mbox/%3cCD485B27-8F3E-11D8-934B-000A95B0D772@pixar.com%3e
(UNKNOWN)  MLIST  [httpd-python-dev] 20040416 possible bug in filter.write()
http://mail-archives.apache.org/mod_mbox/httpd-python-dev/200404.mbox/%3c6DCA8C14-8FFA-11D8-8B4E-000A95B0D772@pixar.com%3e
(UNKNOWN)  MLIST  [httpd-python-dev] 20040416 Re: possible bug in filter.write()
https://issues.rpath.com/browse/RPL-1105
(UNKNOWN)  CONFIRM  https://issues.rpath.com/browse/RPL-1105
http://xforce.iss.net/xforce/xfdb/14751
(UNKNOWN)  XF  modpython-outputfilter-info-disclosure(14751)
http://www.ubuntu.com/usn/usn-430-1
(UNKNOWN)  UBUNTU  USN-430-1
http://www.securityfocus.com/bid/22849
(UNKNOWN)  BID  22849
http://www.securityfocus.com/archive/1/archive/1/462185/100/0/threaded
(UNKNOWN)  BUGTRAQ  20070307 rPSA-2007-0051-1 mod_python
http://svn.apache.org/viewvc/httpd/mod_python/trunk/src/filterobject.c?r1=102649&r2=103561&pathrev=103561
(UNKNOWN)  CONFIRM  http://svn.apache.org/viewvc/httpd/mod_python/trunk/src/filterobject.c?r1=102649&r2=103561&pathrev=103561
http://secunia.com/advisories/24424
(UNKNOWN)  SECUNIA  24424
http://secunia.com/advisories/24418
(UNKNOWN)  SECUNIA  24418

- 漏洞信息

Apache mod_python输出滤波器模式信息泄露漏洞
中危 设计错误
2004-12-31 00:00:00 2007-03-08 00:00:00
远程  
        输出滤波器处理超过16384个字节时,mod_python (libapache2-mod-python) 3.1.4及其以前版本不能正确处理,该漏洞可导致filter.read回到先前释放的内存部分。
        

- 公告与补丁

        The vendor released an update to address this issue. Please see the references for more information.

- 漏洞信息 (F54944)

Ubuntu Security Notice 430-1 (PacketStormID:F54944)
2007-03-09 00:00:00
Ubuntu  security.ubuntu.com
advisory
linux,ubuntu
CVE-2004-2680
[点击下载]

Ubuntu Security Notice 430-1 - Miles Egan discovered that mod_python, when used in output filter mode, did not handle output larger than 16384 bytes, and would display freed memory, possibly disclosing private data. Thanks to Jim Garrison of the Software Freedom Law Center for identifying the original bug as a security vulnerability.

=========================================================== 
Ubuntu Security Notice USN-430-1             March 06, 2007
libapache2-mod-python vulnerability
CVE-2004-2680
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  libapache2-mod-python                    3.1.3-3ubuntu1.1

Ubuntu 6.06 LTS:
  libapache2-mod-python                    3.1.4-0ubuntu1.1

After a standard system upgrade you need to restart Apache to effect the 
necessary changes.

Details follow:

Miles Egan discovered that mod_python, when used in output filter mode, 
did not handle output larger than 16384 bytes, and would display freed 
memory, possibly disclosing private data.  Thanks to Jim Garrison of the 
Software Freedom Law Center for identifying the original bug as a 
security vulnerability.


Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python_3.1.3-3ubuntu1.1.diff.gz
      Size/MD5:    42855 1529fea7b05b869a360b6bc68d52386e
    http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python_3.1.3-3ubuntu1.1.dsc
      Size/MD5:      810 63072c8e787515557969a57119e5d4c5
    http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python_3.1.3.orig.tar.gz
      Size/MD5:   293548 2e1983e35edd428f308b0dfeb1c23bfe

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python-doc_3.1.3-3ubuntu1.1_all.deb
      Size/MD5:   101052 02819855dfc2346b9582b8687b7ce3f3
    http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python_3.1.3-3ubuntu1.1_all.deb
      Size/MD5:    12890 29d8f3ad95844a81ef2bac9921be4ea2

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/liba/libapache2-mod-python/libapache2-mod-python2.3_3.1.3-3ubuntu1.1_amd64.deb
      Size/MD5:    88482 bbbc44abd50a165ae5df51d97c8b59f4
    http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python2.4_3.1.3-3ubuntu1.1_amd64.deb
      Size/MD5:    88506 33430412a637252533673023a0eb556e

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/liba/libapache2-mod-python/libapache2-mod-python2.3_3.1.3-3ubuntu1.1_i386.deb
      Size/MD5:    80692 43cf25dacf95697200b50280ff4b1c74
    http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python2.4_3.1.3-3ubuntu1.1_i386.deb
      Size/MD5:    80722 7003abb20896ed3d218febd92ad176c2

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/liba/libapache2-mod-python/libapache2-mod-python2.3_3.1.3-3ubuntu1.1_powerpc.deb
      Size/MD5:    85980 75be899b0568d8a332ac04ae820d955e
    http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python2.4_3.1.3-3ubuntu1.1_powerpc.deb
      Size/MD5:    86010 f706350855b692417a9d32f2c1962abd

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/universe/liba/libapache2-mod-python/libapache2-mod-python2.3_3.1.3-3ubuntu1.1_sparc.deb
      Size/MD5:    82038 0b8d6e081d3e6506139a9fac4674d8ad
    http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python2.4_3.1.3-3ubuntu1.1_sparc.deb
      Size/MD5:    82078 71b5c528867eb166cd140a564d3fde0b

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python_3.1.4-0ubuntu1.1.diff.gz
      Size/MD5:    25348 f53b1e046220df8e1cdcf4cd602ac563
    http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python_3.1.4-0ubuntu1.1.dsc
      Size/MD5:      769 41f6be106885d14e487317c57cc8e940
    http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python_3.1.4.orig.tar.gz
      Size/MD5:   308510 607175958137b06bcda91110414c82a1

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python-doc_3.1.4-0ubuntu1.1_all.deb
      Size/MD5:   113106 0b66fc0e0a15cbc6a57df85100e3ca62
    http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python_3.1.4-0ubuntu1.1_all.deb
      Size/MD5:    13076 5488f0a55a436648c587e9a300d63881

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python2.4_3.1.4-0ubuntu1.1_amd64.deb
      Size/MD5:    88678 8542060889c4b3c32a6937070911bf33

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python2.4_3.1.4-0ubuntu1.1_i386.deb
      Size/MD5:    80676 13f3b9e1d7260ad8c34f7597954ed315

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python2.4_3.1.4-0ubuntu1.1_powerpc.deb
      Size/MD5:    85840 684789cb3c7acbeed9064200554d8da4

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python2.4_3.1.4-0ubuntu1.1_sparc.deb
      Size/MD5:    82000 297ab56501345f12ee9c6c0951287980

    

- 漏洞信息

32724
Apache mod_python _filter_read Freed Memory Disclosure
Vendor Verified

- 漏洞描述

- 时间线

2004-04-16 Unknow
Unknow Unknow

- 解决方案

Products

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Apache mod_python Output Filter Mode Information Disclosure Vulnerability
Design Error 22849
Yes No
2007-03-06 12:00:00 2007-03-08 04:55:00
Miles Egan is credited with the discovery of this vulnerability.

- 受影响的程序版本

Ubuntu Ubuntu Linux 5.10 sparc
Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
rPath rPath Linux 1
Apache Software Foundation mod_python 3.1.4
Apache Software Foundation mod_python 3.1.3
Apache Software Foundation mod_python 3.0.4
Apache Software Foundation mod_python 3.0.3
Apache Software Foundation mod_python 3.2.8
Apache Software Foundation mod_python 3.2.7

- 不受影响的程序版本

Apache Software Foundation mod_python 3.2.8
Apache Software Foundation mod_python 3.2.7

- 漏洞讨论

The Apache mod_python module is prone to an information-disclosure vulnerability because of a design error in the affected application.

An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks.

- 漏洞利用

Attackers can use a browser to exploit this issue.

- 解决方案

The vendor released an update to address this issue. Please see the references for more information.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站