发布时间 :2005-05-02 00:00:00
修订时间 :2017-10-10 21:29:50

[原文]The publisher handler for mod_python 2.7.8 and earlier allows remote attackers to obtain access to restricted objects via a crafted URL.

[CNNVD]Apache mod_python Module Publisher Handler信息泄露漏洞(CNNVD-200505-566)

        用于mod_python 2.7.8及更早版本的publisher handler使得远程攻击者可以通过特制的URL获得受限制对象的访问权。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:apache:mod_python:1.9aApache Software Foundation mod_python 1.9a
cpe:/a:apache:mod_python:2.0Apache Software Foundation mod_python 2.0
cpe:/a:apache:mod_python:2.1Apache Software Foundation mod_python 2.1
cpe:/a:apache:mod_python:2.2Apache Software Foundation mod_python 2.2
cpe:/a:apache:mod_python:2.3Apache Software Foundation mod_python 2.3
cpe:/a:apache:mod_python:2.4Apache Software Foundation mod_python 2.4
cpe:/a:apache:mod_python:2.4.1Apache Software Foundation mod_python 2.4.1
cpe:/a:apache:mod_python:2.5Apache Software Foundation mod_python 2.5
cpe:/a:apache:mod_python:2.6Apache Software Foundation mod_python 2.6
cpe:/a:apache:mod_python:2.6.1Apache Software Foundation mod_python 2.6.1
cpe:/a:apache:mod_python:2.6.2Apache Software Foundation mod_python 2.6.2
cpe:/a:apache:mod_python:2.6.3Apache Software Foundation mod_python 2.6.3
cpe:/a:apache:mod_python:2.6.4Apache Software Foundation mod_python 2.6.4
cpe:/a:apache:mod_python:2.7Apache Software Foundation mod_python 2.7
cpe:/a:apache:mod_python:2.7.1Apache Software Foundation mod_python 2.7.1
cpe:/a:apache:mod_python:2.7.2Apache Software Foundation mod_python 2.7.2
cpe:/a:apache:mod_python:2.7.3Apache Software Foundation mod_python 2.7.3
cpe:/a:apache:mod_python:2.7.4Apache Software Foundation mod_python 2.7.4
cpe:/a:apache:mod_python:2.7.5Apache Software Foundation mod_python 2.7.5
cpe:/a:apache:mod_python:2.7.6Apache Software Foundation mod_python 2.7.6
cpe:/a:apache:mod_python:2.7.7Apache Software Foundation mod_python 2.7.7
cpe:/a:apache:mod_python:2.7.8Apache Software Foundation mod_python 2.7.8

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:10617SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands vi...

- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  BUGTRAQ  20050211 [USN-80-1] mod_python vulnerability
(PATCH)  GENTOO  GLSA-200502-14
(UNKNOWN)  BID  12519
(UNKNOWN)  TRUSTIX  2005-0003

- 漏洞信息

Apache mod_python Module Publisher Handler信息泄露漏洞
高危 访问验证错误
2005-05-02 00:00:00 2006-09-21 00:00:00
        用于mod_python 2.7.8及更早版本的publisher handler使得远程攻击者可以通过特制的URL获得受限制对象的访问权。

- 公告与补丁


- 漏洞信息 (F36152)

Ubuntu Security Notice 80-1 (PacketStormID:F36152)
2005-02-23 00:00:00
advisory,info disclosure

Ubuntu Security Notice USN-80-1 - Graham Dumpleton discovered an information disclosure in the publisher handle of mod_python. By requesting a carefully crafted URL for a published module page, anybody can obtain extra information about internal variables, objects, and other information which is not intended to be visible.

Ubuntu Security Notice USN-80-1		  February 11, 2005
libapache2-mod-python vulnerabilities

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:


The problem can be corrected by upgrading the affected package to
version 3.1.3-1ubuntu3.2.  After a standard system upgrade you need to
restart the Apache 2 web server using

  sudo /etc/init.d/apache2 restart

to effect the necessary changes.

Details follow:

Graham Dumpleton discovered an information disclosure in the
"publisher" handle of mod_python. By requesting a carefully crafted
URL for a published module page, anybody can obtain extra information
about internal variables, objects, and other information which is not
intended to be visible.

  Source archives:
      Size/MD5:    24067 485183927dd680eedb351cedbd0bb882
      Size/MD5:      806 3b141dd6a13c2abc0c1780ff8d9c34aa
      Size/MD5:   293548 2e1983e35edd428f308b0dfeb1c23bfe

  Architecture independent packages:
      Size/MD5:   100700 6890472b77b13191bf5106123bbebc6c
      Size/MD5:    12462 b48ab5f2c09c47bfe0c7c02243766c4f

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
      Size/MD5:    87564 e331d0cbb7aacadc64ef44d41d326587
      Size/MD5:    87650 0dcbdb227cae1b4721c4b8e0454b4ea6

  i386 architecture (x86 compatible Intel/AMD)
      Size/MD5:    80502 003d29054ae210f2f81826bac8de7856
      Size/MD5:    80538 1813380c5c39583e9311e117f2823aca

  powerpc architecture (Apple Macintosh G3/G4/G5)
      Size/MD5:    85218 d56d5f3a5cda43096dda9d1d7fc3fc0b
      Size/MD5:    85350 9df8b87f95570137d2402818a252b38d

- 漏洞信息

Apache mod_python Traversal Arbitrary Object Information Disclosure
Remote / Network Access Information Disclosure, Input Manipulation
Loss of Confidentiality, Loss of Integrity
Vendor Verified

- 漏洞描述

Mod_python contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when an attacker sends a specially crafted url, which may disclose arbitrary object information such as published object names, resulting in a loss of confidentiality.

- 时间线

2005-02-11 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 3.2.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
Access Validation Error 12519
Yes No
2005-02-10 12:00:00 2006-12-07 08:39:00
Discovery is credited to Graham Dumpleton.

- 受影响的程序版本

Trustix Secure Linux 2.2
Trustix Secure Linux 2.1
Trustix Secure Linux 1.5
Trustix Secure Enterprise Linux 2.0
SGI ProPack 3.0
RedHat Linux 9.0 i386
RedHat Linux 7.3 i686
RedHat Linux 7.3 i386
RedHat Linux 7.3
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
Gregory Trubetskoy mod_python 3.1.3
+ Conectiva Linux 10.0
+ Gentoo Linux
+ Red Hat Fedora Core3
+ Red Hat Fedora Core2
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Gregory Trubetskoy mod_python 3.0.4
Gregory Trubetskoy mod_python 3.0.3
+ Conectiva Linux 9.0
Gregory Trubetskoy mod_python 3.0.2
Gregory Trubetskoy mod_python 3.0.1
Gregory Trubetskoy mod_python 3.0
Gregory Trubetskoy mod_python 2.7.10
Gregory Trubetskoy mod_python 2.7.9
+ Conectiva Linux Enterprise Edition 1.0
Gregory Trubetskoy mod_python 2.7.8
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
Gregory Trubetskoy mod_python 2.7.7
Gregory Trubetskoy mod_python 2.7.6
- FreeBSD FreeBSD 4.5
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 4.1.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i686
+ RedHat Linux 7.2 i586
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2
Gregory Trubetskoy mod_python 2.7.5
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
Gregory Trubetskoy mod_python 2.7.4
Gregory Trubetskoy mod_python 2.7.3
Gregory Trubetskoy mod_python 2.7.2
Gregory Trubetskoy mod_python 2.7.1
Gregory Trubetskoy mod_python 2.7

- 漏洞讨论

The mod_python module publisher handler is prone to a remote information-disclosure vulnerability. This issue may allow remote unauthorized attackers to gain access to sensitive objects.

Information obtained through the exploitation of this issue may aid attackers in launching further attacks against an affected server.

All versions of mod_python are considered vulnerable at the moment.

- 漏洞利用

An exploit is not required to leverage this issue.

- 解决方案

Please see the referenced vendor advisories for details on obtaining and applying fixes.

Gregory Trubetskoy mod_python 2.7.6

Gregory Trubetskoy mod_python 2.7.8

SGI ProPack 3.0

Gregory Trubetskoy mod_python 3.0.1

Gregory Trubetskoy mod_python 3.0.3

Gregory Trubetskoy mod_python 3.0.4

Gregory Trubetskoy mod_python 3.1.3

- 相关参考