rhsa-2004_405
Vulnerability from csaf_redhat
Published
2004-07-23 09:26
Modified
2024-11-05 16:23
Summary
Red Hat Security Advisory: apache, mod_ssl, php security update for Stronghold
Notes
Topic
Updated versions of cross-platform Stronghold that fix security issues in
mod_ssl, PHP, and the Apache HTTP Server are now available.
Details
Stronghold 4 contains a number of open source technologies, including
PHP, mod_ssl and the Apache HTTP Server.
Stefan Esser discovered a flaw when the memory_limit configuration setting
was enabled in PHP 4 versions prior to 4.3.8. If a remote attacker could
force the PHP interpreter to allocate more memory than the memory_limit
setting before script execution begins, then the attacker may be able to
supply the contents of a PHP hash table remotely. This hash table could
then be used to execute arbitrary code as the 'apache' user. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0594 to this issue.
It may be possible to exploit this issue if using a non-default PHP
configuration with the "register_defaults" setting is changed to "On". Red
Hat does not believe that this flaw is exploitable in the default
configuration of Stronghold 4.
Stefan Esser discovered a flaw in the strip_tags function in versions of
PHP prior to 4.3.8. The strip_tags function is commonly used by PHP scripts
to prevent cross-site scripting attacks by removing HTML tags from
user-supplied form data. By embedding NUL bytes into form data, HTML tags
can in some cases be passed intact through the strip_tags function, which
may allow a cross-site scripting attack. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0595 to
this issue.
A stack buffer overflow was discovered in mod_ssl which can be triggered if
using the FakeBasicAuth option. If mod_ssl is sent a client certificate
with a subject DN field longer than 6000 characters, a stack overflow can
occur if FakeBasicAuth has been enabled. In order to exploit this issue,
the carefully crafted malicious certificate would have to be signed by a
Certificate Authority which mod_ssl is configured to trust. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0488 to this issue.
A format string issue was discovered in mod_ssl which can be triggered if
mod_ssl is configured to allow a client to proxy to remote SSL sites.
If mod_ssl is forced to connect to a remote SSL server using a
carefully crafted hostname, an attacker may be able to crash an Apache
child process. This issue is not known to allow arbitrary execution of
code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0700 to this issue.
A denial of service issue was discovered which affects versions of the
Apache HTTP Server prior to 1.3.30. On some platforms, when Apache is
configured with multiple listening sockets, a short-lived connection to
one socket may temporarily block new connections to other sockets. This
issue does not affect Stronghold if running on Linux, FreeBSD or HP-UX
platforms. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0174 to this issue.
Users of Stronghold 4 cross-platform are advised to update to these errata
versions, which contain backported security fixes and are not vulnerable to
these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated versions of cross-platform Stronghold that fix security issues in\nmod_ssl, PHP, and the Apache HTTP Server are now available.", "title": "Topic" }, { "category": "general", "text": "Stronghold 4 contains a number of open source technologies, including\nPHP, mod_ssl and the Apache HTTP Server.\n\nStefan Esser discovered a flaw when the memory_limit configuration setting\nwas enabled in PHP 4 versions prior to 4.3.8. If a remote attacker could\nforce the PHP interpreter to allocate more memory than the memory_limit\nsetting before script execution begins, then the attacker may be able to\nsupply the contents of a PHP hash table remotely. This hash table could\nthen be used to execute arbitrary code as the \u0027apache\u0027 user. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2004-0594 to this issue.\n\nIt may be possible to exploit this issue if using a non-default PHP\nconfiguration with the \"register_defaults\" setting is changed to \"On\". Red\nHat does not believe that this flaw is exploitable in the default\nconfiguration of Stronghold 4.\n\nStefan Esser discovered a flaw in the strip_tags function in versions of\nPHP prior to 4.3.8. The strip_tags function is commonly used by PHP scripts\nto prevent cross-site scripting attacks by removing HTML tags from\nuser-supplied form data. By embedding NUL bytes into form data, HTML tags\ncan in some cases be passed intact through the strip_tags function, which\nmay allow a cross-site scripting attack. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2004-0595 to\nthis issue.\n\nA stack buffer overflow was discovered in mod_ssl which can be triggered if\nusing the FakeBasicAuth option. If mod_ssl is sent a client certificate\nwith a subject DN field longer than 6000 characters, a stack overflow can\noccur if FakeBasicAuth has been enabled. In order to exploit this issue,\nthe carefully crafted malicious certificate would have to be signed by a\nCertificate Authority which mod_ssl is configured to trust. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2004-0488 to this issue.\n\nA format string issue was discovered in mod_ssl which can be triggered if \nmod_ssl is configured to allow a client to proxy to remote SSL sites. \nIf mod_ssl is forced to connect to a remote SSL server using a\ncarefully crafted hostname, an attacker may be able to crash an Apache\nchild process. This issue is not known to allow arbitrary execution of\ncode. The Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2004-0700 to this issue.\n\nA denial of service issue was discovered which affects versions of the\nApache HTTP Server prior to 1.3.30. On some platforms, when Apache is\nconfigured with multiple listening sockets, a short-lived connection to\none socket may temporarily block new connections to other sockets. This\nissue does not affect Stronghold if running on Linux, FreeBSD or HP-UX\nplatforms. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2004-0174 to this issue.\n\nUsers of Stronghold 4 cross-platform are advised to update to these errata\nversions, which contain backported security fixes and are not vulnerable to\nthese issues.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2004:405", "url": "https://access.redhat.com/errata/RHSA-2004:405" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "127703", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=127703" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2004/rhsa-2004_405.json" } ], "title": "Red Hat Security Advisory: apache, mod_ssl, php security update for Stronghold", "tracking": { "current_release_date": "2024-11-05T16:23:38+00:00", "generator": { "date": "2024-11-05T16:23:38+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2004:405", "initial_release_date": "2004-07-23T09:26:00+00:00", "revision_history": [ { "date": "2004-07-23T09:26:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2004-07-23T00:00:00+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T16:23:38+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Stronghold 4", "product": { "name": "Red Hat Stronghold 4", "product_id": "Red Hat Stronghold 4", "product_identification_helper": { "cpe": "cpe:/a:redhat:stronghold:4" } } } ], "category": "product_family", "name": "Stronghold Cross Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2004-0174", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1617165" } ], "notes": [ { "category": "description", "text": "Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a \"short-lived connection on a rarely-accessed listening socket.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "security flaw", "title": "Vulnerability summary" }, { "category": "other", "text": "Not vulnerable. This issue did not affect Linux.", "title": "Statement" } ], "product_status": { "fixed": [ "Red Hat Stronghold 4" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2004-0174" }, { "category": "external", "summary": "RHBZ#1617165", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617165" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0174", "url": "https://www.cve.org/CVERecord?id=CVE-2004-0174" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0174", "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0174" } ], "release_date": "2004-03-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2004-07-23T09:26:00+00:00", "details": "Updated Stronghold 4 packages are now available via the update agent\nservice. Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0i patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4", "product_ids": [ "Red Hat Stronghold 4" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2004:405" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "security flaw" }, { "cve": "CVE-2004-0488", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "430867" } ], "notes": [ { "category": "description", "text": "Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.", "title": "Vulnerability description" }, { "category": "summary", "text": "mod_ssl ssl_util_uuencode_binary CA issue", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "Red Hat Stronghold 4" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2004-0488" }, { "category": "external", "summary": "RHBZ#430867", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430867" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0488", "url": "https://www.cve.org/CVERecord?id=CVE-2004-0488" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0488", "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0488" } ], "release_date": "2004-05-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2004-07-23T09:26:00+00:00", "details": "Updated Stronghold 4 packages are now available via the update agent\nservice. Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0i patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4", "product_ids": [ "Red Hat Stronghold 4" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2004:405" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mod_ssl ssl_util_uuencode_binary CA issue" }, { "cve": "CVE-2004-0594", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1617233" } ], "notes": [ { "category": "description", "text": "The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.", "title": "Vulnerability description" }, { "category": "summary", "text": "security flaw", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "Red Hat Stronghold 4" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2004-0594" }, { "category": "external", "summary": "RHBZ#1617233", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617233" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0594", "url": "https://www.cve.org/CVERecord?id=CVE-2004-0594" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0594", "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0594" } ], "release_date": "2004-07-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2004-07-23T09:26:00+00:00", "details": "Updated Stronghold 4 packages are now available via the update agent\nservice. Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0i patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4", "product_ids": [ "Red Hat Stronghold 4" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2004:405" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "security flaw" }, { "cve": "CVE-2004-0595", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1617234" } ], "notes": [ { "category": "description", "text": "The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.", "title": "Vulnerability description" }, { "category": "summary", "text": "security flaw", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "Red Hat Stronghold 4" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2004-0595" }, { "category": "external", "summary": "RHBZ#1617234", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617234" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0595", "url": "https://www.cve.org/CVERecord?id=CVE-2004-0595" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0595", "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0595" } ], "release_date": "2004-07-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2004-07-23T09:26:00+00:00", "details": "Updated Stronghold 4 packages are now available via the update agent\nservice. Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0i patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4", "product_ids": [ "Red Hat Stronghold 4" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2004:405" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "security flaw" }, { "cve": "CVE-2004-0700", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "430866" } ], "notes": [ { "category": "description", "text": "Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.", "title": "Vulnerability description" }, { "category": "summary", "text": "mod_proxy hook format string", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "Red Hat Stronghold 4" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2004-0700" }, { "category": "external", "summary": "RHBZ#430866", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430866" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0700", "url": "https://www.cve.org/CVERecord?id=CVE-2004-0700" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0700", "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0700" } ], "release_date": "2004-07-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2004-07-23T09:26:00+00:00", "details": "Updated Stronghold 4 packages are now available via the update agent\nservice. Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0i patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4", "product_ids": [ "Red Hat Stronghold 4" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2004:405" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "mod_proxy hook format string" } ] }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.