rhsa-2004_653
Vulnerability from csaf_redhat
Published
2004-12-20 16:40
Modified
2024-11-14 10:03
Summary
Red Hat Security Advisory: apache, mod_ssl security update for Stronghold

Notes

Topic
Updated versions of cross-platform Stronghold that fix security issues in mod_ssl and the Apache HTTP Server are now available.
Details
Stronghold 4 contains a number of open source technologies, including mod_ssl and the Apache HTTP Server. A buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0940 to this issue. mod_digest does not properly verify the nonce of a client response by using a AuthNonce secret. This could allow a malicious user who is able to sniff network traffic to conduct a replay attack against a website using Digest protection. Note that mod_digest implements an older version of the MD5 Digest Authentication specification which is known not to work with modern browsers. This issue does not affect mod_auth_digest. (CAN-2003-0987) The mod_ssl module, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration. (CAN-2004-0885) Users of Stronghold 4 cross-platform are advised to update to these errata versions, which contain backported security fixes and are not vulnerable to these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated versions of cross-platform Stronghold that fix security issues in\nmod_ssl and the Apache HTTP Server are now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Stronghold 4 contains a number of open source technologies, including\nmod_ssl and the Apache HTTP Server.\n\nA buffer overflow in the get_tag function in mod_include for Apache 1.3.x\nto 1.3.32 allows local users who can create SSI documents to execute\narbitrary code as the apache user via SSI (XSSI) documents that trigger a\nlength calculation error.  The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2004-0940 to this issue.\n\nmod_digest does not properly verify the nonce of a client response by using\na AuthNonce secret. This could allow a malicious user who is able to sniff\nnetwork traffic to conduct a replay attack against a website using Digest\nprotection. Note that mod_digest implements an older version of the MD5\nDigest Authentication specification which is known not to work with modern\nbrowsers. This issue does not affect mod_auth_digest. (CAN-2003-0987)\n\nThe mod_ssl module, when using the \"SSLCipherSuite\" directive in directory\nor location context, allows remote clients to bypass intended restrictions\nby using any cipher suite that is allowed by the virtual host\nconfiguration.  (CAN-2004-0885)\n\nUsers of Stronghold 4 cross-platform are advised to update to these errata\nversions, which contain backported security fixes and are not vulnerable to\nthese issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2004:653",
        "url": "https://access.redhat.com/errata/RHSA-2004:653"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "http://stronghold.redhat.com/support/upgrade-sh4",
        "url": "http://stronghold.redhat.com/support/upgrade-sh4"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2004/rhsa-2004_653.json"
      }
    ],
    "title": "Red Hat Security Advisory: apache, mod_ssl security update for Stronghold",
    "tracking": {
      "current_release_date": "2024-11-14T10:03:24+00:00",
      "generator": {
        "date": "2024-11-14T10:03:24+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.0"
        }
      },
      "id": "RHSA-2004:653",
      "initial_release_date": "2004-12-20T16:40:00+00:00",
      "revision_history": [
        {
          "date": "2004-12-20T16:40:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2004-12-20T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-14T10:03:24+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Stronghold 4",
                "product": {
                  "name": "Red Hat Stronghold 4",
                  "product_id": "Red Hat Stronghold 4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:stronghold:4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Stronghold Cross Platform"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2003-0987",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "430529"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd mod_digest nonce not verified",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0987"
        },
        {
          "category": "external",
          "summary": "RHBZ#430529",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430529"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0987",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0987"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0987",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0987"
        }
      ],
      "release_date": "2003-12-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-12-20T16:40:00+00:00",
          "details": "Updated Stronghold 4 packages are now available via the update agent\nservice. Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0j patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:653"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "httpd mod_digest nonce not verified"
    },
    {
      "cve": "CVE-2004-0885",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "430637"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the \"SSLCipherSuite\" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mod_ssl SSLCipherSuite bypass",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0885"
        },
        {
          "category": "external",
          "summary": "RHBZ#430637",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430637"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0885",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0885"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0885",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0885"
        }
      ],
      "release_date": "2004-10-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-12-20T16:40:00+00:00",
          "details": "Updated Stronghold 4 packages are now available via the update agent\nservice. Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0j patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:653"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "mod_ssl SSLCipherSuite bypass"
    },
    {
      "cve": "CVE-2004-0940",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "430526"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd mod_include SSI overflow",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0940"
        },
        {
          "category": "external",
          "summary": "RHBZ#430526",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430526"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0940",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0940"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0940",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0940"
        }
      ],
      "release_date": "2004-10-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-12-20T16:40:00+00:00",
          "details": "Updated Stronghold 4 packages are now available via the update agent\nservice. Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0j patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:653"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd mod_include SSI overflow"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.