Gregory Trubetskoy mod_python输入模块访问漏洞

漏洞信息详情

Gregory Trubetskoy mod_python输入模块访问漏洞

• CNNVD编号：CNNVD-200205-010
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2002-0185
  
• 漏洞类型：
  
  
  访问验证错误
  
• 发布时间：
  
  2002-05-16
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-09-14
  
• 厂        商：
  
  apache
• 漏洞来源：
  Discovered by Alla…

mod_python 2.7.6及其早期版本允许模块通过已发布模块间接地输入然后借助发布者访问。远程攻击者从输入模块调用可能危险的函数。

Javier Quinteros has suggested that including the following line at the top of sensitive modules will prevent direct access:
__auth__ = {}
An updated version is available:
Gregory Trubetskoy mod_python 2.7
@fadu.uba.ar>

• Gregory Trubetskoy mod_python-2.7.8.tgz
  
  http://www.modpython.org/dist/mod_python-2.7.8.tgz

Gregory Trubetskoy mod_python 2.7.1

• Gregory Trubetskoy mod_python-2.7.8.tgz
  
  http://www.modpython.org/dist/mod_python-2.7.8.tgz

Gregory Trubetskoy mod_python 2.7.2

• Gregory Trubetskoy mod_python-2.7.8.tgz
  
  http://www.modpython.org/dist/mod_python-2.7.8.tgz

Gregory Trubetskoy mod_python 2.7.3

• Gregory Trubetskoy mod_python-2.7.8.tgz
  
  http://www.modpython.org/dist/mod_python-2.7.8.tgz

Gregory Trubetskoy mod_python 2.7.4

• Gregory Trubetskoy mod_python-2.7.8.tgz
  
  http://www.modpython.org/dist/mod_python-2.7.8.tgz

Gregory Trubetskoy mod_python 2.7.5

• Conectiva mod_python-2.7.8-1U70_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mod_python-2.7.8-1U70_1cl
  .i386.rpm
• Conectiva mod_python-2.7.8-1U8_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/mod_python-2.7.8-1U8_1cl.i3
  86.rpm
• Gregory Trubetskoy mod_python-2.7.8.tgz
  
  http://www.modpython.org/dist/mod_python-2.7.8.tgz

Gregory Trubetskoy mod_python 2.7.6

• Gregory Trubetskoy mod_python-2.7.8.tgz
  
  http://www.modpython.org/dist/mod_python-2.7.8.tgz
• Red Hat mod_python-2.7.8-1.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/mod_python-2.7.8-1.i386.rpm
• Red Hat mod_python-2.7.8-1.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/mod_python-2.7.8-1.ia64.rpm

Gregory Trubetskoy mod_python 2.7.7

• Gregory Trubetskoy mod_python-2.7.8.tgz
  
  http://www.modpython.org/dist/mod_python-2.7.8.tgz

来源: www.modpython.org
链接:http://www.modpython.org/pipermail/mod_python/2002-April/002003.html

来源: www.modpython.org
链接:http://www.modpython.org/pipermail/mod_python/2002-April/001991.html

来源: BID
名称: 4656
链接:http://www.securityfocus.com/bid/4656

来源: REDHAT
名称: RHSA-2002:070
链接:http://www.redhat.com/support/errata/RHSA-2002-070.html

来源: XF
名称: modpython-imported-module-access(8997)
链接:http://www.iss.net/security_center/static/8997.php

来源: CONECTIVA
名称: CLA-2002:477
链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000477