Apache Web Server Remote IPv6 Buffer Overflow Vulnerability

Vulnerability details

Vulnerability summary

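Apache is an open-source web server.
Apache Web Server has a flaw in its handling of IPv6 traffic; a remote attacker can exploit this vulnerability to carry out a buffer overflow attack against the server.
The IPv6 URI parsing function in Apache's apr-util library contains an input validation error: it mishandles the string length argument when calling a libc memory copy function, which can trigger a buffer overflow. Carefully crafted input can lead to arbitrary instruction execution on BSD UNIX-based systems.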
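One way to validate the length handed to a memory copy routine when pulling a bracketed IPv6 host out of a URI authority, shown as an added example (this is not apr-util's code; `extract_host` and its checks are assumptions for illustration, and the sample inputs are constructed):

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not apr-util code: copy the host part of a URI
 * authority such as "[::1]:8080" or "example.org:80" into out.
 * Returns 0 on success, -1 on malformed or oversized input. */
int extract_host(const char *authority, char *out, size_t outsz)
{
    const char *start = authority, *end;
    size_t len;

    if (authority == NULL || out == NULL || outsz == 0)
        return -1;
    if (*authority == '[') {
        start = authority + 1;
        end = strchr(start, ']');   /* the closing bracket must exist */
        if (end == NULL || (end[1] != '\0' && end[1] != ':'))
            return -1;
    } else {
        end = authority + strcspn(authority, ":");
    }
    /* end >= start holds on every path above, so the difference cannot
     * be negative and wrap to a huge size_t before it reaches memcpy. */
    len = (size_t)(end - start);
    if (len == 0 || len >= outsz)
        return -1;
    /* An IPv6 literal may contain only hex digits, ':' and '.'. */
    if (*authority == '[' && strspn(start, "0123456789abcdefABCDEF:.") != len)
        return -1;
    memcpy(out, start, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = {"[2001:db8::1]:8080", "[2001:db8::1", "[]", "example.org:80"};
    char host[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = extract_host(samples[i], host, sizeof host);
        printf("%-22s -> %s\n", samples[i], rc == 0 ? host : "(rejected)");
    }
    return 0;
}
```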

Vulnerability advisory

Vendor patches:
MandrakeSoft
------------
MandrakeSoft has released a security advisory (MDKSA-2004:096) and corresponding patches for this issue:

MDKSA-2004:096: Updated apache2 packages fix multiple vulnerabilities

Link: http://www.linux-mandrake.com/en/security/2004/2004-096.php

Patch downloads:

Updated Packages:

Mandrakelinux 10.0:

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-2.0.48-6.6.100mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-common-2.0.48-6.6.100mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-devel-2.0.48-6.6.100mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-manual-2.0.48-6.6.100mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-mod_cache-2.0.48-6.6.100mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-mod_dav-2.0.48-6.6.100mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-mod_deflate-2.0.48-6.6.100mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-mod_disk_cache-2.0.48-6.6.100mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-mod_file_cache-2.0.48-6.6.100mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-mod_ldap-2.0.48-6.6.100mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-mod_mem_cache-2.0.48-6.6.100mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-mod_proxy-2.0.48-6.6.100mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-mod_ssl-2.0.48-6.6.100mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-modules-2.0.48-6.6.100mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-source-2.0.48-6.6.100mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/libapr0-2.0.48-6.6.100mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/SRPMS/apache2-2.0.48-6.6.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/apache2-2.0.48-6.6.100mdk.amd64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/apache2-common-2.0.48-6.6.100mdk.amd64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/apache2-devel-2.0.48-6.6.100mdk.amd64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/apache2-manual-2.0.48-6.6.100mdk.amd64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/apache2-mod_cache-2.0.48-6.6.100mdk.amd64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/apache2-mod_dav-2.0.48-6.6.100mdk.amd64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/apache2-mod_deflate-2.0.48-6.6.100mdk.amd64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/apache2-mod_disk_cache-2.0.48-6.6.100mdk.amd64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/apache2-mod_file_cache-2.0.48-6.6.100mdk.amd64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/apache2-mod_ldap-2.0.48-6.6.100mdk.amd64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/apache2-mod_mem_cache-2.0.48-6.6.100mdk.amd64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/apache2-mod_proxy-2.0.48-6.6.100mdk.amd64.rpm

ft


References

Source: REDHAT
Name: RHSA-2004:463
Link: http://www.redhat.com/support/errata/RHSA-2004-463.html

Source: XF
Name: apache-ipv6-aprutil-dos(17382)
Link: http://xforce.iss.net/xforce/xfdb/17382

Source: TRUSTIX
Name: 2004-0047
Link: http://www.trustix.org/errata/2004/0047/

Source: SUSE
Name: SUSE-SA:2004:032
Link: http://www.novell.com/linux/security/advisories/2004_32_apache2.html

Source: MANDRAKE
Name: MDKSA-2004:096
Link: http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:096

Source: GENTOO
Name: GLSA-200409-21
Link: http://www.gentoo.org/security/en/glsa/glsa-200409-21.xml

Source: SECUNIA
Name: 12540
Link: http://secunia.com/advisories/12540

Source: OVAL
Name: oval:org.mitre.oval:def:11380
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11380
