rhsa-2004_405
Vulnerability from csaf_redhat
Published
2004-07-23 09:26
Modified
2024-11-05 16:23
Summary
Red Hat Security Advisory: apache, mod_ssl, php security update for Stronghold

Notes

Topic
Updated versions of cross-platform Stronghold that fix security issues in mod_ssl, PHP, and the Apache HTTP Server are now available.
Details
Stronghold 4 contains a number of open source technologies, including PHP, mod_ssl and the Apache HTTP Server. Stefan Esser discovered a flaw when the memory_limit configuration setting was enabled in PHP 4 versions prior to 4.3.8. If a remote attacker could force the PHP interpreter to allocate more memory than the memory_limit setting before script execution begins, then the attacker may be able to supply the contents of a PHP hash table remotely. This hash table could then be used to execute arbitrary code as the 'apache' user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0594 to this issue. It may be possible to exploit this issue if using a non-default PHP configuration with the "register_defaults" setting is changed to "On". Red Hat does not believe that this flaw is exploitable in the default configuration of Stronghold 4. Stefan Esser discovered a flaw in the strip_tags function in versions of PHP prior to 4.3.8. The strip_tags function is commonly used by PHP scripts to prevent cross-site scripting attacks by removing HTML tags from user-supplied form data. By embedding NUL bytes into form data, HTML tags can in some cases be passed intact through the strip_tags function, which may allow a cross-site scripting attack. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0595 to this issue. A stack buffer overflow was discovered in mod_ssl which can be triggered if using the FakeBasicAuth option. If mod_ssl is sent a client certificate with a subject DN field longer than 6000 characters, a stack overflow can occur if FakeBasicAuth has been enabled. In order to exploit this issue, the carefully crafted malicious certificate would have to be signed by a Certificate Authority which mod_ssl is configured to trust. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0488 to this issue. A format string issue was discovered in mod_ssl which can be triggered if mod_ssl is configured to allow a client to proxy to remote SSL sites. If mod_ssl is forced to connect to a remote SSL server using a carefully crafted hostname, an attacker may be able to crash an Apache child process. This issue is not known to allow arbitrary execution of code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0700 to this issue. A denial of service issue was discovered which affects versions of the Apache HTTP Server prior to 1.3.30. On some platforms, when Apache is configured with multiple listening sockets, a short-lived connection to one socket may temporarily block new connections to other sockets. This issue does not affect Stronghold if running on Linux, FreeBSD or HP-UX platforms. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0174 to this issue. Users of Stronghold 4 cross-platform are advised to update to these errata versions, which contain backported security fixes and are not vulnerable to these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated versions of cross-platform Stronghold that fix security issues in\nmod_ssl, PHP, and the Apache HTTP Server are now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Stronghold 4 contains a number of open source technologies, including\nPHP, mod_ssl and the Apache HTTP Server.\n\nStefan Esser discovered a flaw when the memory_limit configuration setting\nwas enabled in PHP 4 versions prior to 4.3.8. If a remote attacker could\nforce the PHP interpreter to allocate more memory than the memory_limit\nsetting before script execution begins, then the attacker may be able to\nsupply the contents of a PHP hash table remotely. This hash table could\nthen be used to execute arbitrary code as the \u0027apache\u0027 user. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2004-0594 to this issue.\n\nIt may be possible to exploit this issue if using a non-default PHP\nconfiguration with the \"register_defaults\" setting is changed to \"On\".  Red\nHat does not believe that this flaw is exploitable in the default\nconfiguration of Stronghold 4.\n\nStefan Esser discovered a flaw in the strip_tags function in versions of\nPHP prior to 4.3.8. The strip_tags function is commonly used by PHP scripts\nto prevent cross-site scripting attacks by removing HTML tags from\nuser-supplied form data. By embedding NUL bytes into form data, HTML tags\ncan in some cases be passed intact through the strip_tags function, which\nmay allow a cross-site scripting attack. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2004-0595 to\nthis issue.\n\nA stack buffer overflow was discovered in mod_ssl which can be triggered if\nusing the FakeBasicAuth option. If mod_ssl is sent a client certificate\nwith a subject DN field longer than 6000 characters, a stack overflow can\noccur if FakeBasicAuth has been enabled. In order to exploit this issue,\nthe carefully crafted malicious certificate would have to be signed by a\nCertificate Authority which mod_ssl is configured to trust. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2004-0488 to this issue.\n\nA format string issue was discovered in mod_ssl which can be triggered if \nmod_ssl is configured to allow a client to proxy to remote SSL sites. \nIf mod_ssl is forced to connect to a remote SSL server using a\ncarefully crafted hostname, an attacker may be able to crash an Apache\nchild process.  This issue is not known to allow arbitrary execution of\ncode.  The Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2004-0700 to this issue.\n\nA denial of service issue was discovered which affects versions of the\nApache HTTP Server prior to 1.3.30.  On some platforms, when Apache is\nconfigured with multiple listening sockets, a short-lived connection to\none socket may temporarily block new connections to other sockets.  This\nissue does not affect Stronghold if running on Linux, FreeBSD or HP-UX\nplatforms.  The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2004-0174 to this issue.\n\nUsers of Stronghold 4 cross-platform are advised to update to these errata\nversions, which contain backported security fixes and are not vulnerable to\nthese issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2004:405",
        "url": "https://access.redhat.com/errata/RHSA-2004:405"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "127703",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=127703"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2004/rhsa-2004_405.json"
      }
    ],
    "title": "Red Hat Security Advisory: apache, mod_ssl, php security update for Stronghold",
    "tracking": {
      "current_release_date": "2024-11-05T16:23:38+00:00",
      "generator": {
        "date": "2024-11-05T16:23:38+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.1.1"
        }
      },
      "id": "RHSA-2004:405",
      "initial_release_date": "2004-07-23T09:26:00+00:00",
      "revision_history": [
        {
          "date": "2004-07-23T09:26:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2004-07-23T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-05T16:23:38+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Stronghold 4",
                "product": {
                  "name": "Red Hat Stronghold 4",
                  "product_id": "Red Hat Stronghold 4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:stronghold:4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Stronghold Cross Platform"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2004-0174",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617165"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a \"short-lived connection on a rarely-accessed listening socket.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Not vulnerable.  This issue did not affect Linux.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0174"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617165",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617165"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0174",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0174"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0174",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0174"
        }
      ],
      "release_date": "2004-03-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-07-23T09:26:00+00:00",
          "details": "Updated Stronghold 4 packages are now available via the update agent\nservice. Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0i patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:405"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2004-0488",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "430867"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mod_ssl ssl_util_uuencode_binary CA issue",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0488"
        },
        {
          "category": "external",
          "summary": "RHBZ#430867",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430867"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0488",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0488"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0488",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0488"
        }
      ],
      "release_date": "2004-05-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-07-23T09:26:00+00:00",
          "details": "Updated Stronghold 4 packages are now available via the update agent\nservice. Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0i patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:405"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "mod_ssl ssl_util_uuencode_binary CA issue"
    },
    {
      "cve": "CVE-2004-0594",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617233"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0594"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617233",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617233"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0594",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0594"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0594",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0594"
        }
      ],
      "release_date": "2004-07-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-07-23T09:26:00+00:00",
          "details": "Updated Stronghold 4 packages are now available via the update agent\nservice. Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0i patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:405"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2004-0595",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617234"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0595"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617234",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617234"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0595",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0595"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0595",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0595"
        }
      ],
      "release_date": "2004-07-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-07-23T09:26:00+00:00",
          "details": "Updated Stronghold 4 packages are now available via the update agent\nservice. Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0i patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:405"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2004-0700",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "430866"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mod_proxy hook format string",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0700"
        },
        {
          "category": "external",
          "summary": "RHBZ#430866",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430866"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0700",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0700"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0700",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0700"
        }
      ],
      "release_date": "2004-07-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-07-23T09:26:00+00:00",
          "details": "Updated Stronghold 4 packages are now available via the update agent\nservice. Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0i patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:405"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "mod_proxy hook format string"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.