• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Focus On: Vista
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns

• info
• discussion
• exploit
• solution
• references

Apache Mod_DAV LOCK Denial Of Service Vulnerability

Solution:
Turbolinux has released advisory TLSA-2005-01-13 along with fixes dealing with this and other issues. Please see the referenced advisory for more information.

Debian has released advisory DSA 558-1 along with fixes to address this issue for Debian systems. Please see the referenced advisory for further information.

RedHat has released advisory RHSA-2004:463-09 along with fixes to address these issues for RedHat Enterprise Linux operating systems. Please see the referenced advisory for further information.

Trustix Secure Linux has released an advisory (TSLSA-2004-0047) along with fixes dealing with this, and other issues. Please see the referenced advisory for further information.

Gentoo Linux has released advisory GLSA 200409-21 to address this, and other issues. Please see the referenced advisory for further information. Users of affected packages are urged to execute the following with superuser privileges:
emerge sync
emerge -pv ">=net-www/apache-2.0.51"
emerge ">=net-www/apache-2.0.51"
emerge -pv ">=net-www/mod_dav-1.0.3-r2"
emerge ">=net-www/mod_dav-1.0.3-r2"

Conectiva Linux has released advisory CLA-2004:868 along with fixes to address this, and other issues. Please see the referenced advisory for further information.

Red Hat Fedora has released an advisory (FEDORA-2004-313) along with fixes dealing with this and other issues. Please see the referenced advisory for more information.

The vendor has released version 2.0.51 to address this, and other issues:

HP has released an advisory (HPSBUX01090) to address various issues affecting HP-UX running Apache and PHP. Please see the referenced advisory for more information.

IBM has released an advisory dealing with this issue for the HTTP Server based on Apache. Please see the referenced advisory for more information.


Apache Software Foundation Apache 2.0

• Apache Software Foundation httpd-2.0.51.tar.gz
  http://www.apache.org/dist/httpd/httpd-2.0.51.tar.gz

Apache Software Foundation Apache 2.0 a9

• Apache Software Foundation httpd-2.0.51.tar.gz
  http://www.apache.org/dist/httpd/httpd-2.0.51.tar.gz

Apache Software Foundation Apache 2.0.28

• Apache Software Foundation httpd-2.0.51.tar.gz
  http://www.apache.org/dist/httpd/httpd-2.0.51.tar.gz

Apache Software Foundation Apache 2.0.28 Beta

• Apache Software Foundation httpd-2.0.51.tar.gz
  http://www.apache.org/dist/httpd/httpd-2.0.51.tar.gz

Apache Software Foundation Apache 2.0.32

• Apache Software Foundation httpd-2.0.51.tar.gz
  http://www.apache.org/dist/httpd/httpd-2.0.51.tar.gz

Apache Software Foundation Apache 2.0.35

• Apache Software Foundation httpd-2.0.51.tar.gz
  http://www.apache.org/dist/httpd/httpd-2.0.51.tar.gz

Apache Software Foundation Apache 2.0.36

• Apache Software Foundation httpd-2.0.51.tar.gz
  http://www.apache.org/dist/httpd/httpd-2.0.51.tar.gz

Apache Software Foundation Apache 2.0.37

• Apache Software Foundation httpd-2.0.51.tar.gz
  http://www.apache.org/dist/httpd/httpd-2.0.51.tar.gz

Apache Software Foundation Apache 2.0.38

• Apache Software Foundation httpd-2.0.51.tar.gz
  http://www.apache.org/dist/httpd/httpd-2.0.51.tar.gz

Apache Software Foundation Apache 2.0.39

• Apache Software Foundation httpd-2.0.51.tar.gz
  http://www.apache.org/dist/httpd/httpd-2.0.51.tar.gz

Apache Software Foundation Apache 2.0.40

• Apache Software Foundation httpd-2.0.51.tar.gz
  http://www.apache.org/dist/httpd/httpd-2.0.51.tar.gz

Apache Software Foundation Apache 2.0.41

• Apache Software Foundation httpd-2.0.51.tar.gz
  http://www.apache.org/dist/httpd/httpd-2.0.51.tar.gz

IBM HTTP Server 2.0.42 .2

• IBM 2.0.42.2-PQ94389.aix.tar
  ftp://ftp.software.ibm.com/software/websphere/ihs/support/fixes/PQ9438 9/2.0.42.2-PQ94389.aix.tar


• IBM 2.0.42.2-PQ94389.hpux.tar
  ftp://ftp.software.ibm.com/software/websphere/ihs/support/fixes/PQ9438 9/2.0.42.2-PQ94389.hpux.tar


• IBM 2.0.42.2-PQ94389.linux.tar
  ftp://ftp.software.ibm.com/software/websphere/ihs/support/fixes/PQ9438 9/2.0.42.2-PQ94389.linux.tar


• IBM 2.0.42.2-PQ94389.linux390.tar
  ftp://ftp.software.ibm.com/software/websphere/ihs/support/fixes/PQ9438 9/2.0.42.2-PQ94389.linux390.tar


• IBM 2.0.42.2-PQ94389.linuxppc.tar
  ftp://ftp.software.ibm.com/software/websphere/ihs/support/fixes/PQ9438 9/2.0.42.2-PQ94389.linuxppc.tar


• IBM 2.0.42.2-PQ94389.nt.zip
  ftp://ftp.software.ibm.com/software/websphere/ihs/support/fixes/PQ9438 9/2.0.42.2-PQ94389.nt.zip


• IBM 2.0.42.2-PQ94389.sun.tar
  ftp://ftp.software.ibm.com/software/websphere/ihs/support/fixes/PQ9438 9/2.0.42.2-PQ94389.sun.tar

Apache Software Foundation Apache 2.0.42

• Apache Software Foundation httpd-2.0.51.tar.gz
  http://www.apache.org/dist/httpd/httpd-2.0.51.tar.gz

Apache Software Foundation Apache 2.0.43

• Apache Software Foundation httpd-2.0.51.tar.gz
  http://www.apache.org/dist/httpd/httpd-2.0.51.tar.gz

Apache Software Foundation Apache 2.0.44

• Apache Software Foundation httpd-2.0.51.tar.gz
  http://www.apache.org/dist/httpd/httpd-2.0.51.tar.gz


• Conectiva apache-2.0.45-28790U90_8cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-2.0.45-28790U90_8cl. i386.rpm


• Conectiva apache-devel-2.0.45-28790U90_8cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-devel-2.0.45-28790U9 0_8cl.i386.rpm


• Conectiva apache-doc-2.0.45-28790U90_8cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-doc-2.0.45-28790U90_ 8cl.i386.rpm


• Conectiva apache-htpasswd-2.0.45-28790U90_8cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-htpasswd-2.0.45-2879 0U90_8cl.i386.rpm


• Conectiva libapr-devel-2.0.45-28790U90_8cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr-devel-2.0.45-28790U9 0_8cl.i386.rpm


• Conectiva libapr-devel-static-2.0.45-28790U90_8cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr-devel-static-2.0.45- 28790U90_8cl.i386.rpm


• Conectiva libapr0-2.0.45-28790U90_8cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr0-2.0.45-28790U90_8cl .i386.rpm


• Conectiva mod_auth_ldap-2.0.45-28790U90_8cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/mod_auth_ldap-2.0.45-28790U 90_8cl.i386.rpm


• Conectiva mod_dav-2.0.45-28790U90_8cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/mod_dav-2.0.45-28790U90_8cl .i386.rpm

Apache Software Foundation Apache 2.0.45

• Apache Software Foundation httpd-2.0.51.tar.gz
  http://www.apache.org/dist/httpd/httpd-2.0.51.tar.gz

Apache Software Foundation Apache 2.0.46

• Apache Software Foundation httpd-2.0.51.tar.gz
  http://www.apache.org/dist/httpd/httpd-2.0.51.tar.gz

Apache Software Foundation Apache 2.0.47

• Apache Software Foundation httpd-2.0.51.tar.gz
  http://www.apache.org/dist/httpd/httpd-2.0.51.tar.gz

IBM HTTP Server 2.0.47 .1

• IBM 2.0.47.1-PQ94389.aix.tar
  ftp://ftp.software.ibm.com/software/websphere/ihs/support/fixes/PQ9438 9/2.0.47.1-PQ94389.aix.tar


• IBM 2.0.47.1-PQ94389.hpux.tar
  ftp://ftp.software.ibm.com/software/websphere/ihs/support/fixes/PQ9438 9/2.0.47.1-PQ94389.hpux.tar


• IBM 2.0.47.1-PQ94389.linux.tar
  ftp://ftp.software.ibm.com/software/websphere/ihs/support/fixes/PQ9438 9/2.0.47.1-PQ94389.linux.tar


• IBM 2.0.47.1-PQ94389.linux390.tar
  ftp://ftp.software.ibm.com/software/websphere/ihs/support/fixes/PQ9438 9/2.0.47.1-PQ94389.linux390.tar


• IBM 2.0.47.1-PQ94389.linuxppc.tar
  ftp://ftp.software.ibm.com/software/websphere/ihs/support/fixes/PQ9438 9/2.0.47.1-PQ94389.linuxppc.tar


• IBM 2.0.47.1-PQ94389.nt.zip
  ftp://ftp.software.ibm.com/software/websphere/ihs/support/fixes/PQ9438 9/2.0.47.1-PQ94389.nt.zip


• IBM 2.0.47.1-PQ94389.sun.tar
  ftp://ftp.software.ibm.com/software/websphere/ihs/support/fixes/PQ9438 9/2.0.47.1-PQ94389.sun.tar

Apache Software Foundation Apache 2.0.48

• Apache Software Foundation httpd-2.0.51.tar.gz
  http://www.apache.org/dist/httpd/httpd-2.0.51.tar.gz


• TurboLinux httpd-2.0.48-15.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/httpd-2.0.48-15.i586.rpm

Apache Software Foundation Apache 2.0.49

• Apache Software Foundation httpd-2.0.51.tar.gz
  http://www.apache.org/dist/httpd/httpd-2.0.51.tar.gz


• Conectiva apache-2.0.49-61251U10_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/apache-2.0.49-61251U10_1cl .i386.rpm


• Conectiva apache-devel-2.0.49-61251U10_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/apache-devel-2.0.49-61251U 10_1cl.i386.rpm


• Conectiva apache-doc-2.0.49-61251U10_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/apache-doc-2.0.49-61251U10 _1cl.i386.rpm


• Conectiva apache-htpasswd-2.0.49-61251U10_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/apache-htpasswd-2.0.49-612 51U10_1cl.i386.rpm


• Conectiva libapr-devel-2.0.49-61251U10_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/libapr-devel-2.0.49-61251U 10_1cl.i386.rpm


• Conectiva libapr-devel-static-2.0.49-61251U10_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/libapr-devel-static-2.0.49 -61251U10_1cl.i386.rpm


• Conectiva libapr0-2.0.49-61251U10_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/libapr0-2.0.49-61251U10_1c l.i386.rpm


• Conectiva mod_auth_ldap-2.0.49-61251U10_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/mod_auth_ldap-2.0.49-61251 U10_1cl.i386.rpm


• Conectiva mod_dav-2.0.49-61251U10_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/mod_dav-2.0.49-61251U10_1c l.i386.rpm


• Fedora httpd-2.0.51-2.7.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora httpd-2.0.51-2.7.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora httpd-debuginfo-2.0.51-2.7.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora httpd-debuginfo-2.0.51-2.7.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora httpd-devel-2.0.51-2.7.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora httpd-devel-2.0.51-2.7.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora httpd-manual-2.0.51-2.7.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora httpd-manual-2.0.51-2.7.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora mod_ssl-2.0.51-2.7.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora mod_ssl-2.0.51-2.7.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Trustix apache-2.0.51-0.1tr.i586.rpm
  Trustix Secure Linux 2.0, 2.1 & Enterprise Server 2
  ftp://ftp.trustix.org/pub/trustix/updates/


• Trustix apache-devel-2.0.51-0.1tr.i586.rpm
  Trustix Secure Linux 2.0, 2.1 & Enterprise Server 2
  ftp://ftp.trustix.org/pub/trustix/updates/


• Trustix apache-manual-2.0.51-0.1tr.i586.rpm
  Trustix Secure Linux 2.0, 2.1 & Enterprise Server 2
  ftp://ftp.trustix.org/pub/trustix/updates/

Apache Software Foundation Apache 2.0.50

• Apache Software Foundation httpd-2.0.51.tar.gz
  http://www.apache.org/dist/httpd/httpd-2.0.51.tar.gz

Debian Linux 3.0 alpha

• Debian libapache-mod-dav_1.0.3-3.1_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/li bapache-mod-dav_1.0.3-3.1_alpha.deb

Debian Linux 3.0 mips

• Debian libapache-mod-dav_1.0.3-3.1_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/liba/libapache-mod-dav_1. 0.3-3.1_mips.deb

Debian Linux 3.0 m68k

• Debian libapache-mod-dav_1.0.3-3.1_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/liba/libapache-mod-dav_1. 0.3-3.1_m68k.deb

Debian Linux 3.0 hppa

• Debian libapache-mod-dav_1.0.3-3.1_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/liba/libapache-mod-dav_1. 0.3-3.1_hppa.deb

Debian Linux 3.0 arm

• Debian libapache-mod-dav_1.0.3-3.1_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/liba/libapache-mod-dav_1. 0.3-3.1_arm.deb

Debian Linux 3.0 ia-64

• Debian libapache-mod-dav_1.0.3-3.1_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/liba/libapache-mod-dav_1. 0.3-3.1_ia64.deb

Debian Linux 3.0 ia-32

• Debian libapache-mod-dav_1.0.3-3.1_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/liba/libapache-mod-dav_1. 0.3-3.1_i386.deb