patches for easier mirroring, to eliminate a special copy, to make www.freebsd.org/security a full copy of security.freebsd.org and eventually be the same. For now files are just sitting there. The symlinks are missing.

Discussed on: www (repository location)
Discussed with: simon (so)
-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-96:02                                           Security Advisory
                                                                FreeBSD, Inc.

Topic:          apache httpd meta-character escaping

Category:       port
Module:         apache
Announced:      1996-04-22
Affects:        FreeBSD 2.0.5 and 2.1.0 ports/packages distributions
                with apache http daemon installed and enabled
Corrected:      1996-04-21 ports source code
Source:         Generic apache distribution bug
FreeBSD only:   no

Reference:      CERT Advisory CA-96.06.cgi_example_code
                (warning: CERT's advisory is incomplete)

Patches:        no patches available, see below for update
=============================================================================

I.   Background

     A bug was found in the apache daemon that may allow remote
     users to obtain unauthorized access to a machine running
     apache httpd.


II.  Problem Description

     Versions of the apache http daemon before release 1.05 do
     not properly restrict shell meta-characters transmitted to
     the daemon via form input (via GET or POST).

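     As an added example (not code from this advisory, from Apache, or from
     the CGI programs it shipped): the defensive pattern for the class of bug
     described above, in C. Form values are decoded first and then checked
     against a fixed allowlist of bytes, rather than escaping a blocklist of
     shell meta-characters; the function names, the buffer size and the
     allowlist itself are assumptions chosen for the example.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Decode the %XX and '+' encoding of a GET/POST form value. Returns the
 * decoded length, or -1 if the output does not fit or a %-sequence is
 * malformed. Decode before validating: ';' arrives on the wire as "%3B". */
int form_decode(const char *in, char *out, size_t outlen) {
    size_t n = 0;
    for (const char *p = in; *p; p++) {
        if (n + 1 >= outlen) return -1;
        if (*p == '+') {
            out[n++] = ' ';
        } else if (*p == '%') {
            if (!isxdigit((unsigned char)p[1]) || !isxdigit((unsigned char)p[2])) return -1;
            char hex[3] = { p[1], p[2], '\0' };
            out[n++] = (char)strtol(hex, NULL, 16);
            p += 2;
        } else {
            out[n++] = *p;
        }
    }
    out[n] = '\0';
    return (int)n;
}

/* Allowlist (an assumption for this example): a decoded value may contain
 * only these bytes. Rejecting everything else is safer than escaping a
 * blocklist of shell meta-characters, which is only right if the list is complete. */
static bool byte_allowed(unsigned char c) {
    return isalnum(c) || c == '@' || c == '.' || c == '-' || c == '_';
}

/* Validate by explicit length, not strlen(): a decoded "%00" would
 * otherwise hide whatever follows it from the check. */
bool form_value_is_safe(const char *decoded, size_t len, size_t maxlen) {
    if (len == 0 || len > maxlen) return false;
    for (size_t i = 0; i < len; i++)
        if (!byte_allowed((unsigned char)decoded[i])) return false;
    return true;
}

/* Decode a raw form value and validate it in one step. */
bool raw_form_value_is_safe(const char *raw, size_t maxlen) {
    char buf[256];
    int len = form_decode(raw, buf, sizeof buf);
    return len >= 0 && form_value_is_safe(buf, (size_t)len, maxlen);
}
```

     A value that fails the check should be rejected outright; it should
     never be repaired and passed on to a shell.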
III. Impact

     The problem could allow remote users to gain unauthorized access
     to a system. This problem is only exploitable on systems where
     the apache http daemon has been installed and is enabled.

     The apache http daemon is not installed or enabled by default
     but is a common package that many FreeBSD users may have chosen
     to install.


IV.  Solution(s)

     The Apache Group released version 1.05 of the daemon which fixes
     this vulnerability. The FreeBSD Project updated the ports and
     packages system to use this new daemon.

     Interested parties may obtain an updated pre-compiled FreeBSD
     package from:

     ftp://ftp.freebsd.org/pub/FreeBSD/packages-current/www/apache-1.0.5.tgz

     and an updated "automatic port" from the directory hierarchy:

     ftp://ftp.freebsd.org/pub/FreeBSD/ports-current/www/apache.tar.gz


V.   Workaround

     This vulnerability can only be eliminated by updating to a more recent
     version of apache or by disabling apache httpd.


=============================================================================
FreeBSD, Inc.

Web Site:                       http://www.freebsd.org/
Confidential contacts:          security-officer@freebsd.org
PGP Key:                        ftp://freebsd.org/pub/CERT/public_key.asc
Security notifications:         security-notifications@freebsd.org
Security public discussion:     security@freebsd.org

Notice: Any patches in this document may not apply cleanly due to
        modifications caused by digital signature or mailer software.
        Please reference the URL listed at the top of this document
        for original copies of all patches if necessary.
=============================================================================

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMaLAi1UuHi5z0oilAQHqiQP/VKL3RhyNc3jmYyH6ydteiQUQ1+t7boqr
304LP9g3ifq/cdxDwjbR4joiVjTNsqvOE1LQryI0qHq6nFPqGBsnHZI+thYGNYdI
rjKOMRPF2VbzFx0W7mdvnQLxfCcU8Ma3A0zlub5hhqvN2gg3RVTXNYnF2FHIFL77
cVdx+nVibo8=
=tNpA
-----END PGP SIGNATURE-----