>
> TITLE:
> Apache mod_rewrite Off-By-One Buffer Overflow Vulnerability
>
> SECUNIA ADVISORY ID:
> SA21197
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/21197/
>
> CRITICAL:
> Moderately critical
>
> IMPACT:
> DoS, System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> Apache 1.3.x
> http://secunia.com/product/72/
> Apache 2.0.x
> http://secunia.com/product/73/
> Apache 2.2.x
> http://secunia.com/product/9633/
>
> DESCRIPTION:
> A vulnerability has been reported in Apache HTTP Server, which
> potentially can be exploited by malicious people to compromise a
> vulnerable system.
>
> The vulnerability is caused by an off-by-one error in mod_rewrite and
> can be exploited to cause a one-byte buffer overflow.
>
> Successful exploitation may crash the web server process or allow
> execution of arbitrary code. However, this depends on the manner in
> which Apache HTTP Server was compiled and also requires the
> following:
> * Certain types of Rewrite rules are used where the beginning of the
> rewritten URL is controlled.
> * The RewriteRule flags do not include the Forbidden (F), Gone (G),
> or NoEscape (NE) flag.
>
> The vulnerability affects Apache 1.3 since 1.3.28, 2.0 since 2.0.46,
> and 2.2 since 2.2.0.
>
> SOLUTION:
> Update to version 1.3.37, 2.0.59, or 2.2.3.
>
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits Mark Dowd, McAfee Avert Labs.
>
> ORIGINAL ADVISORY:
> http://www.apache.org/dist/httpd/Announcement1.3.html
> http://www.apache.org/dist/httpd/Announcement2.0.html
> http://www.apache.org/dist/httpd/Announcement2.2.html
>
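A triage check built from the conditions quoted above, as an added example that is not part of the advisory or of Apache's own tooling: it tests a server version against the affected ranges and lists RewriteRule lines that lack the F, G and NE flags. Treating "the beginning of the rewritten URL is controlled" as "the substitution starts with a `$N` or `%N` backreference" is an assumption of this sketch, and the sample configuration is constructed.

```python
import re

# (branch, first affected, first fixed), taken from the advisory text.
AFFECTED = [((1, 3), (1, 3, 28), (1, 3, 37)),
            ((2, 0), (2, 0, 46), (2, 0, 59)),
            ((2, 2), (2, 2, 0), (2, 2, 3))]
# Short and long spellings of the flags the advisory names as exempting a rule.
EXEMPT_FLAGS = {"F", "FORBIDDEN", "G", "GONE", "NE", "NOESCAPE"}

def version_affected(version):
    """True if an x.y.z version string falls in an affected range."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError("expected an x.y.z version, got %r" % version)
    v = tuple(int(p) for p in m.groups())
    return any(v[:2] == branch and first <= v < fixed
               for branch, first, fixed in AFFECTED)

def rule_needs_review(line):
    """True for a RewriteRule whose substitution starts with a backreference
    (assumed heuristic) and whose flags include none of F, G, NE."""
    parts = line.split()  # simple split: quoted arguments with spaces are not handled
    if len(parts) < 3 or parts[0].lower() != "rewriterule":
        return False
    flags = set()
    if len(parts) > 3 and parts[3].startswith("[") and parts[3].endswith("]"):
        flags = {f.split("=")[0].strip().upper() for f in parts[3][1:-1].split(",")}
    starts_with_backref = re.match(r"[$%][0-9]", parts[2]) is not None
    return starts_with_backref and not (flags & EXEMPT_FLAGS)

def audit(version, config_text):
    """Return (line number, rule) pairs to review; empty if the version is fixed."""
    if not version_affected(version):
        return []
    return [(n, line.strip())
            for n, line in enumerate(config_text.splitlines(), 1)
            if not line.lstrip().startswith("#") and rule_needs_review(line.strip())]

# Constructed sample configuration, not taken from any real server.
SAMPLE = """\
RewriteEngine On
RewriteRule ^/go/(.*)$ $1 [R]
RewriteRule ^/old/(.*)$ /new/$1 [L]
RewriteRule ^/ext/(.*)$ $1 [R,NE]
# RewriteRule ^/x/(.*)$ $1
RewriteRule ^/raw/(.*)$ $1
"""

if __name__ == "__main__":
    for lineno, rule in audit("2.0.58", SAMPLE):
        print("line %d: %s" % (lineno, rule))
```

A listed rule is a candidate for review only; the advisory notes that exploitability also depends on how the server was compiled, which this check cannot see.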