rhsa-2003_104
Vulnerability from csaf_redhat
Published
2003-03-18 11:01
Modified
2024-11-05 16:16
Summary
Red Hat Security Advisory: apache, openssl, php security update for Stronghold
Notes
Topic
Updated versions of Stronghold 3.0 are available to fix a number of
vulnerabilities in OpenSSL, Apache, and PHP.
Details
Stronghold 3.0 contains a number of open source technologies such as
OpenSSL, Apache, and PHP. The following paragraphs describe a number of
issues that have been found in versions of these projects.
In a paper, Brice Canvel, Alain Hiltgen, Serge Vaudenay, and Martin
Vuagnoux describe and demonstrate a timing-based attack on CBC ciphersuites
in SSL and TLS. An active attacker may be able to use timing observations
to distinguish between two different error cases: cipher padding errors and
MAC verification errors. Over multiple connections this can leak
sufficient information to be able to retrieve the plain text of a common,
fixed block. In order for an attack to be successful an attacker must be
able to act as a man-in-the-middle to intercept and modify multiple
connections which all involve a common fixed plain text block (such as a
password), and have good network conditions that allow small changes in
timing to be reliably observed.
The SSL timing attack announced recently by David Brumly and Dan Boneh
is not fixed by this erratum; this new issue will be addressed by a
future erratum release.
The Apache Web server does not prevent escape sequences from being written
to log files. This could allow an attacker to embed arbitrary escape
sequences into log files. A recent paper by HD Moore highlighted
several issues where common terminal emulator software (such as xterm) can
be remotely abused or exploited by displaying arbitrary escape sequences.
The MySQL client library (libmysqlclient) used in the PHP MySQL extension
in PHP versions earlier than 4.3.0 does not properly verify length fields
for certain responses in the read_rows or read_one_row routines, which
allows a malicious server to cause a denial of service and possibly execute
arbitrary code.
Stronghold 3.0 contains OpenSSL 0.9.6b, Apache 1.3.22, and PHP
4.1.2 and is, therefore, vulnerable to these issues. Users of Stronghold are
advised to update to the errata versions of Stronghold 3.0 which contain
backported security fixes and are not vulnerable to these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated versions of Stronghold 3.0 are available to fix a number of\nvulnerabilities in OpenSSL, Apache, and PHP.",
"title": "Topic"
},
{
"category": "general",
"text": "Stronghold 3.0 contains a number of open source technologies such as\nOpenSSL, Apache, and PHP. The following paragraphs describe a number of\nissues that have been found in versions of these projects.\n\nIn a paper, Brice Canvel, Alain Hiltgen, Serge Vaudenay, and Martin\nVuagnoux describe and demonstrate a timing-based attack on CBC ciphersuites\nin SSL and TLS. An active attacker may be able to use timing observations\nto distinguish between two different error cases: cipher padding errors and\nMAC verification errors. Over multiple connections this can leak\nsufficient information to be able to retrieve the plain text of a common,\nfixed block. In order for an attack to be successful an attacker must be\nable to act as a man-in-the-middle to intercept and modify multiple\nconnections which all involve a common fixed plain text block (such as a\npassword), and have good network conditions that allow small changes in\ntiming to be reliably observed.\n\nThe SSL timing attack announced recently by David Brumly and Dan Boneh\nis not fixed by this erratum; this new issue will be addressed by a\nfuture erratum release.\n\nThe Apache Web server does not prevent escape sequences from being written\nto log files. This could allow an attacker to embed arbitrary escape\nsequences into log files. A recent paper by HD Moore highlighted\nseveral issues where common terminal emulator software (such as xterm) can\nbe remotely abused or exploited by displaying arbitrary escape sequences.\n\nThe MySQL client library (libmysqlclient) used in the PHP MySQL extension\nin PHP versions earlier than 4.3.0 does not properly verify length fields\nfor certain responses in the read_rows or read_one_row routines, which\nallows a malicious server to cause a denial of service and possibly execute\narbitrary code.\n\nStronghold 3.0 contains OpenSSL 0.9.6b, Apache 1.3.22, and PHP\n4.1.2 and is, therefore, vulnerable to these issues. Users of Stronghold are\nadvised to update to the errata versions of Stronghold 3.0 which contain\nbackported security fixes and are not vulnerable to these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2003:104",
"url": "https://access.redhat.com/errata/RHSA-2003:104"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://stronghold.redhat.com/",
"url": "http://stronghold.redhat.com/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_104.json"
}
],
"title": "Red Hat Security Advisory: apache, openssl, php security update for Stronghold",
"tracking": {
"current_release_date": "2024-11-05T16:16:02+00:00",
"generator": {
"date": "2024-11-05T16:16:02+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2003:104",
"initial_release_date": "2003-03-18T11:01:00+00:00",
"revision_history": [
{
"date": "2003-03-18T11:01:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2003-03-18T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-05T16:16:02+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Stronghold 3",
"product": {
"name": "Red Hat Stronghold 3",
"product_id": "Red Hat Stronghold 3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:stronghold:3"
}
}
}
],
"category": "product_family",
"name": "Stronghold Cross Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2002-1376",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616897"
}
],
"notes": [
{
"category": "description",
"text": "libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Stronghold 3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-1376"
},
{
"category": "external",
"summary": "RHBZ#1616897",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616897"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-1376",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-1376"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-1376",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-1376"
}
],
"release_date": "2002-12-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-03-18T11:01:00+00:00",
"details": "We have backported the security fixes for the versions of OpenSSL, Apache\nand PHP included in Stronghold 3. Stronghold 3.0 build code 3021 is now\navailable which includes these fixes, and can be downloaded from\nhttp://stronghold.redhat.com/sh3/\n\nFor information on how to upgrade between releases of Stronghold 3.0, see\nhttp://stronghold.redhat.com/support/upgrade-sh3.xml",
"product_ids": [
"Red Hat Stronghold 3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:104"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2003-0020",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616937"
}
],
"notes": [
{
"category": "description",
"text": "Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Stronghold 3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2003-0020"
},
{
"category": "external",
"summary": "RHBZ#1616937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616937"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2003-0020",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0020"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0020",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0020"
}
],
"release_date": "2003-02-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-03-18T11:01:00+00:00",
"details": "We have backported the security fixes for the versions of OpenSSL, Apache\nand PHP included in Stronghold 3. Stronghold 3.0 build code 3021 is now\navailable which includes these fixes, and can be downloaded from\nhttp://stronghold.redhat.com/sh3/\n\nFor information on how to upgrade between releases of Stronghold 3.0, see\nhttp://stronghold.redhat.com/support/upgrade-sh3.xml",
"product_ids": [
"Red Hat Stronghold 3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:104"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2003-0078",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616956"
}
],
"notes": [
{
"category": "description",
"text": "ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the \"Vaudenay timing attack.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Stronghold 3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2003-0078"
},
{
"category": "external",
"summary": "RHBZ#1616956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616956"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2003-0078",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0078"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0078",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0078"
}
],
"release_date": "2003-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-03-18T11:01:00+00:00",
"details": "We have backported the security fixes for the versions of OpenSSL, Apache\nand PHP included in Stronghold 3. Stronghold 3.0 build code 3021 is now\navailable which includes these fixes, and can be downloaded from\nhttp://stronghold.redhat.com/sh3/\n\nFor information on how to upgrade between releases of Stronghold 3.0, see\nhttp://stronghold.redhat.com/support/upgrade-sh3.xml",
"product_ids": [
"Red Hat Stronghold 3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:104"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2003-0083",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616961"
}
],
"notes": [
{
"category": "description",
"text": "Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Stronghold 3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2003-0083"
},
{
"category": "external",
"summary": "RHBZ#1616961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616961"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2003-0083",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0083"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0083",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0083"
}
],
"release_date": "2003-02-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-03-18T11:01:00+00:00",
"details": "We have backported the security fixes for the versions of OpenSSL, Apache\nand PHP included in Stronghold 3. Stronghold 3.0 build code 3021 is now\navailable which includes these fixes, and can be downloaded from\nhttp://stronghold.redhat.com/sh3/\n\nFor information on how to upgrade between releases of Stronghold 3.0, see\nhttp://stronghold.redhat.com/support/upgrade-sh3.xml",
"product_ids": [
"Red Hat Stronghold 3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:104"
}
],
"title": "security flaw"
}
]
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.