Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
Release date: 2004-09-16
Updated: 2004-09-20
Affected systems:
Apache Software Foundation Apache 2.0a9
Apache Software Foundation Apache 2.0.50
Apache Software Foundation Apache 2.0.49
Apache Software Foundation Apache 2.0.47
Apache Software Foundation Apache 2.0.46
Apache Software Foundation Apache 2.0.45
Apache Software Foundation Apache 2.0.44
Apache Software Foundation Apache 2.0.43
Apache Software Foundation Apache 2.0.42
Apache Software Foundation Apache 2.0.41
Apache Software Foundation Apache 2.0.40
Apache Software Foundation Apache 2.0.39
Apache Software Foundation Apache 2.0.38
Apache Software Foundation Apache 2.0.37
Apache Software Foundation Apache 2.0.36
Apache Software Foundation Apache 2.0.35
Apache Software Foundation Apache 2.0.32
Apache Software Foundation Apache 2.0.28
Apache Software Foundation Apache 2.0
Apache Software Foundation Apache 2.0.48
- Mandrake Linux 10.0
- SuSE Linux 9.0
- SuSE Linux 8.2
- SuSE Linux 8.1
- Trustix Secure Linux 2.0
Unaffected systems:
Apache Software Foundation Apache 2.0.51
Description:
BUGTRAQ ID: 11187
CVE(CAN) ID: CVE-2004-0786
Apache is an open-source web server.
Apache Web Server has a flaw in its handling of IPv6 traffic; a remote attacker can exploit it to mount a buffer overflow attack against the server process.
The IPv6 URI parsing function in Apache's apr-util library has an input-validation error: the string length parameter is handled incorrectly when a libc memory-copy function is called, which can trigger a buffer overflow. Carefully crafted request data can execute arbitrary instructions on BSD UNIX based systems.
<*Source: Red Hat ASF Security-Team
Link: http://security.gentoo.org/glsa/glsa-200409-21.xml
http://www.linux-mandrake.com/en/security/2004/2004-096.php
*>
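The following is an added illustration, not code from apr-util or from this advisory, of the defect class described above: a host length computed from pointer arithmetic that assumes a closing ']' is present, next to a parser that validates every length before calling memcpy(). The function names, the authority strings and the 64-byte buffer are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

/* Defect class in miniature (hypothetical, not apr-util's code): the host
 * length is derived from pointer arithmetic that assumes the closing ']'
 * exists. If it is missing, the careless fallback leaves the end pointer
 * before the "minus two brackets" correction, the difference goes below
 * zero, and the size_t cast turns it into a huge count: the value that must
 * never reach a libc copy routine. Requires n >= 1 and hostinfo[0] == '['. */
size_t naive_ipv6_len(const char *hostinfo, size_t n)
{
    const char *close = memchr(hostinfo + 1, ']', n - 1);
    const char *end = close ? close + 1 : hostinfo + 1;  /* careless fallback */
    return (size_t)(end - hostinfo - 2);                  /* computes only */
}

/* Hardened parser: copies the host of a URI authority such as
 * "[2001:db8::1]:8080" or "example.org:80" into buf, NUL-terminated.
 * Every length is checked before the copy: ']' must lie inside the
 * authority, only ':' (a port) may follow it, and the host must fit in
 * buf. Returns 0 on success, -1 on malformed input. */
int parse_host(const char *hostinfo, size_t n, char *buf, size_t bufsz)
{
    const char *start, *stop;
    if (n > 0 && hostinfo[0] == '[') {
        const char *close = memchr(hostinfo, ']', n);
        if (close == NULL) return -1;                     /* no ']' at all */
        if (close + 1 != hostinfo + n && close[1] != ':') return -1;
        start = hostinfo + 1;
        stop = close;
    } else {
        const char *colon = memchr(hostinfo, ':', n);
        start = hostinfo;
        stop = colon ? colon : hostinfo + n;
    }
    size_t len = (size_t)(stop - start);
    if (len == 0 || len >= bufsz) return -1;   /* empty host or no room */
    memcpy(buf, start, len);
    buf[len] = '\0';
    return 0;
}

/* 1 if hostinfo parses and its host equals expected, else 0. */
int host_equals(const char *hostinfo, const char *expected)
{
    char buf[64];
    return parse_host(hostinfo, strlen(hostinfo), buf, sizeof buf) == 0
        && strcmp(buf, expected) == 0;
}
```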
Recommendation:
Vendor patches:
MandrakeSoft
------------
MandrakeSoft has released a security advisory (MDKSA-2004:096) and corresponding patches for this issue:
MDKSA-2004:096:Updated apache2 packages fix multiple vulnerabilities
Link: http://www.linux-mandrake.com/en/security/2004/2004-096.php
Patch download:
Updated Packages:
Mandrakelinux 10.0:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-2.0.48-6.6.100mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-common-2.0.48-6.6.100mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-devel-2.0.48-6.6.100mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-manual-2.0.48-6.6.100mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-mod_cache-2.0.48-6.6.100mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-mod_dav-2.0.48-6.6.100mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-mod_deflate-2.0.48-6.6.100mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-mod_disk_cache-2.0.48-6.6.100mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-mod_file_cache-2.0.48-6.6.100mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-mod_ldap-2.0.48-6.6.100mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-mod_mem_cache-2.0.48-6.6.100mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-mod_proxy-2.0.48-6.6.100mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-mod_ssl-2.0.48-6.6.100mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-modules-2.0.48-6.6.100mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/apache2-source-2.0.48-6.6.100mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/libapr0-2.0.48-6.6.100mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/SRPMS/apache2-2.0.48-6.6.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/apache2-2.0.48-6.6.100mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/apache2-common-2.0.48-6.6.100mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/apache2-devel-2.0.48-6.6.100mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/apache2-manual-2.0.48-6.6.100mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/apache2-mod_cache-2.0.48-6.6.100mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/apache2-mod_dav-2.0.48-6.6.100mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/apache2-mod_deflate-2.0.48-6.6.100mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/apache2-mod_disk_cache-2.0.48-6.6.100mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/apache2-mod_file_cache-2.0.48-6.6.100mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/apache2-mod_ldap-2.0.48-6.6.100mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/apache2-mod_mem_cache-2.0.48-6.6.100mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/apache2-mod_proxy-2.0.48-6.6.100mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/apache2-mod_ssl-2.0.48-6.6.100mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/apache2-modules-2.0.48-6.6.100mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/apache2-source-2.0.48-6.6.100mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/lib64apr0-2.0.48-6.6.100mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/SRPMS/apache2-2.0.48-6.6.100mdk.src.rpm
Mandrakelinux 9.2:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/apache2-2.0.47-6.9.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/apache2-common-2.0.47-6.9.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/apache2-devel-2.0.47-6.9.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/apache2-manual-2.0.47-6.9.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/apache2-mod_cache-2.0.47-6.9.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/apache2-mod_dav-2.0.47-6.9.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/apache2-mod_deflate-2.0.47-6.9.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/apache2-mod_disk_cache-2.0.47-6.9.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/apache2-mod_file_cache-2.0.47-6.9.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/apache2-mod_ldap-2.0.47-6.9.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/apache2-mod_mem_cache-2.0.47-6.9.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/apache2-mod_proxy-2.0.47-6.9.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/apache2-mod_ssl-2.0.47-6.9.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/apache2-modules-2.0.47-6.9.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/apache2-source-2.0.47-6.9.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/libapr0-2.0.47-6.9.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/SRPMS/apache2-2.0.47-6.9.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/apache2-2.0.47-6.9.92mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/apache2-common-2.0.47-6.9.92mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/apache2-devel-2.0.47-6.9.92mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/apache2-manual-2.0.47-6.9.92mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/apache2-mod_cache-2.0.47-6.9.92mdk.amd64.rpm
The updated packages can also be downloaded from any of the mirror ftp servers listed at:
http://www.mandrakesecure.net/en/ftp.php
S.u.S.E.
--------
S.u.S.E. has released a security advisory (SUSE-SA:2004:032) and corresponding patches for this issue:
SUSE-SA:2004:032:apache2 (SUSE-SA
Link:
Patch download:
SuSE Upgrade apache2-2.0.49-27.14.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-2.0.49-27.14.i586.rpm
SuSE Upgrade apache2-prefork-2.0.49-27.14.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-prefork-2.0.49-27.14.i586.rpm
SuSE Upgrade apache2-worker-2.0.49-27.14.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-worker-2.0.49-27.14.i586.rpm
SuSE Upgrade libapr0-2.0.49-27.14.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/libapr0-2.0.49-27.14.i586.rpm
SuSE Patch apache2-2.0.49-27.14.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-2.0.49-27.14.i586.patch.rpm
SuSE Patch apache2-prefork-2.0.49-27.14.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-prefork-2.0.49-27.14.i586.patch.rpm
SuSE Patch apache2-worker-2.0.49-27.14.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-worker-2.0.49-27.14.i586.patch.rpm
SuSE Patch libapr0-2.0.49-27.14.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/libapr0-2.0.49-27.14.i586.patch.rpm
SuSE Upgrade apache2-2.0.49-27.14.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-2.0.49-27.14.x86_64.rpm
SuSE Upgrade apache2-prefork-2.0.49-27.14.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-prefork-2.0.49-27.14.x86_64.rpm
SuSE Upgrade apache2-worker-2.0.49-27.14.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-worker-2.0.49-27.14.x86_64.rpm
SuSE Upgrade libapr0-2.0.49-27.14.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/libapr0-2.0.49-27.14.x86_64.rpm
SuSE Patch apache2-2.0.49-27.14.x86_64.patch.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-2.0.49-27.14.x86_64.patch.rpm
SuSE Patch apache2-prefork-2.0.49-27.14.x86_64.patch.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-prefork-2.0.49-27.14.x86_64.patch.rpm
SuSE Patch apache2-worker-2.0.49-27.14.x86_64.patch.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-worker-2.0.49-27.14.x86_64.patch.rpm
SuSE Patch libapr0-2.0.49-27.14.x86_64.patch.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/libapr0-2.0.49-27.14.x86_64.patch.rpm
Apache Software Foundation
--------------------------
The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page:
Apache Software Foundation Apache 2.0.50:
Apache Software Foundation Upgrade httpd-2.0.51.tar.gz
http://www.apache.org/dist/httpd/httpd-2.0.51.tar.gz
Gentoo
------
Gentoo has released a security advisory (GLSA-200409-21) and corresponding patches for this issue:
GLSA-200409-21:Apache 2, mod_dav: Multiple vulnerabilities
Link: http://security.gentoo.org/glsa/glsa-200409-21.xml
Patch download:
# emerge sync
# emerge -pv ">=net-www/apache-2.0.51"
# emerge ">=net-www/apache-2.0.51"