Apache Rewrite Module Arbitrary File Disclosure Vulnerability
Solution:

Apache Group: The fix released in Apache 1.3.14 limited some of the functionality of mod_rewrite. A patch against the Apache source, available at http://bugs.apache.org/index.cgi/full/6671, fixes the bug and restores the functionality that the original patches/fixes removed. Apache 1.3.14, which rectifies this issue, is available for download at: http://httpd.apache.org/dist/

Excerpted from the Apache development list (09-22), written before the fixed release shipped: "The patch is currently being tested and will be part of the release of Apache 1.3.13. Until then, users should check their configuration files and not use rules that map to a filename [such as the first example listed in the discussion]." (The fixed version was released as 1.3.14, not 1.3.13.)

Trustix: Users of Trustix Secure Linux v1.1 are advised to obtain a new version of Apache, available at:
http://www.trustix.net/download/Trustix/updates/1.1/RPMS/
or:
ftp://ftp.trustix.com/pub/Trustix/updates/1.1/RPMS/
The package names are:
* apache-1.3.12-6tr.i586.rpm
* apache-devel-1.3.12-6tr.i586.rpm
* apache-ssl-1.3.12_1.39-8tr.i586.rpm
- Fix a remote exploit possible under certain circumstances in mod_rewrite.

Conectiva: It is recommended that users running mod_rewrite or virtual hosting update their servers. Users of Conectiva Linux 4.1 and 4.2 will also find apache-1.3.12 on the FTP site; that package should be used by those who upgraded to 1.3.12 because of the earlier IMP/HORDE advisory.
DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/apache-1.3.6-16cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/apache-1.3.6-16cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/apache-devel-1.3.6-16cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/apache-1.3.6-16cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/apache-1.3.6-16cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/apache-devel-1.3.6-16cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/apache-1.3.9-17cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/apache-1.3.9-17cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/apache-devel-1.3.9-17cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/apache-1.3.9-17cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/apache-1.3.9-17cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/apache-devel-1.3.9-17cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/apache-1.3.12-14cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/apache-1.3.12-14cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/apache-doc-1.3.12-14cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/apache-devel-1.3.12-14cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/apache-1.3.12-14cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/apache-1.3.12-14cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/apache-doc-1.3.12-14cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/apache-devel-1.3.12-14cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/apache-1.3.12-14cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/apache-1.3.12-14cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/apache-doc-1.3.12-14cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/apache-devel-1.3.12-14cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/apache-1.3.12-14cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/apache-1.3.12-14cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/apache-doc-1.3.12-14cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/apache-devel-1.3.12-14cl.i386.rpm

Mandrake Linux: The updates listed below are available from the following sites:
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates
ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates
Linux-Mandrake 6.0:
77fa37ac213493d94f5817f93710cbb8 6.0/RPMS/apache-1.3.6-29mdk.i586.rpm
8c51afd87ab8be5b08bc2d02fdc37298 6.0/RPMS/apache-devel-1.3.6-29mdk.i586.rpm
ec94ecd38c6a33dc5c77f7cf323d4791 6.0/SRPMS/apache-1.3.6-29mdk.src.rpm
Linux-Mandrake 6.1:
890f342e3d33a73978b9ec60d53f3c54 6.1/RPMS/apache-1.3.9-8mdk.i586.rpm
4308ebc3b5c496b74173d0af0cb43de9 6.1/RPMS/apache-devel-1.3.9-8mdk.i586.rpm
6fea96bb3c5e6696a2322134d6245937 6.1/SRPMS/apache-1.3.9-8mdk.src.rpm
Linux-Mandrake 7.0:
094ae1b8764bd6c71519fe051b735e21 7.0/RPMS/apache-1.3.9-18mdk.i586.rpm
dc298d04f25fe4f5a895e898606b8551 7.0/RPMS/apache-devel-1.3.9-18mdk.i586.rpm
7fe54f76cf8f5b46d35ba44944783811 7.0/RPMS/apache-suexec-1.3.9-18mdk.i586.rpm
c0eeda6da43ac82e2625950738287183 7.0/SRPMS/apache-1.3.9-18mdk.src.rpm
Linux-Mandrake 7.1:
6733773bb495b2095eae6670dc40c1a8 7.1/RPMS/apache-1.3.12-15mdk.i586.rpm
6de0327248be26c363bb5bb32a8d7530 7.1/RPMS/apache-devel-1.3.12-15mdk.i586.rpm
1bdbee39947ed25e99af77486eadeee0 7.1/RPMS/apache-suexec-1.3.12-15mdk.i586.rpm
971578db71afb0474a7c41ccdc2b5d2c 7.1/SRPMS/apache-1.3.12-15mdk.src.rpm

Immunix: Wirex has released patches for Immunix OS 6.2:
http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/apache-1.3.14-1.6.x_StackGuard.i386.rpm
http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/apache-devel-1.3.14-1.6.x_StackGuard.i386.rpm
http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/apache-manual-1.3.14-1.6.x_StackGuard.i386.rpm
and for those who craft their own versions, the source:
http://www.immunix.org:8080/ImmunixOS/6.2/updates/SRPMS/apache-1.3.14-1.6.x_StackGuard.src.rpm
md5sums of the packages:
a400e3b306fab2f4f91120dc20e53cd5 apache-1.3.14-1.6.x_StackGuard.i386.rpm
910e5e3b9e297a8078234e16dd9408a2 apache-devel-1.3.14-1.6.x_StackGuard.i386.rpm
4ebd23dcb6933ddd9e569760373e3360 apache-manual-1.3.14-1.6.x_StackGuard.i386.rpm
c4c6935edc702c7317927eb825dca5cf apache-1.3.14-1.6.x_StackGuard.src.rpm

Red Hat Linux 5.2:
alpha:
ftp://updates.redhat.com/5.2/alpha/apache-1.3.14-2.5.x.alpha.rpm
ftp://updates.redhat.com/5.2/alpha/apache-devel-1.3.14-2.5.x.alpha.rpm
ftp://updates.redhat.com/5.2/alpha/mod_perl-1.19-2.alpha.rpm
ftp://updates.redhat.com/5.2/alpha/php-3.0.17-1.5.x.alpha.rpm
ftp://updates.redhat.com/5.2/alpha/php-manual-3.0.17-1.5.x.alpha.rpm
ftp://updates.redhat.com/5.2/alpha/php-pgsql-3.0.17-1.5.x.alpha.rpm
sparc:
ftp://updates.redhat.com/5.2/sparc/apache-1.3.14-2.5.x.sparc.rpm
ftp://updates.redhat.com/5.2/sparc/apache-devel-1.3.14-2.5.x.sparc.rpm
ftp://updates.redhat.com/5.2/sparc/mod_perl-1.19-2.sparc.rpm
ftp://updates.redhat.com/5.2/sparc/php-3.0.17-1.5.x.sparc.rpm
ftp://updates.redhat.com/5.2/sparc/php-manual-3.0.17-1.5.x.sparc.rpm
ftp://updates.redhat.com/5.2/sparc/php-pgsql-3.0.17-1.5.x.sparc.rpm
i386:
ftp://updates.redhat.com/5.2/i386/apache-1.3.14-2.5.x.i386.rpm
ftp://updates.redhat.com/5.2/i386/apache-devel-1.3.14-2.5.x.i386.rpm
ftp://updates.redhat.com/5.2/i386/mod_perl-1.19-2.i386.rpm
ftp://updates.redhat.com/5.2/i386/php-3.0.17-1.5.x.i386.rpm
ftp://updates.redhat.com/5.2/i386/php-manual-3.0.17-1.5.x.i386.rpm
ftp://updates.redhat.com/5.2/i386/php-pgsql-3.0.17-1.5.x.i386.rpm
sources:
ftp://updates.redhat.com/5.2/SRPMS/apache-1.3.14-2.5.x.src.rpm
ftp://updates.redhat.com/5.2/SRPMS/mod_perl-1.19-2.src.rpm
ftp://updates.redhat.com/5.2/SRPMS/php-3.0.17-1.5.x.src.rpm

Red Hat Linux 6.0:
alpha:
ftp://updates.redhat.com/6.2/alpha/apache-1.3.14-2.6.2.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/apache-devel-1.3.14-2.6.2.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/apache-manual-1.3.14-2.6.2.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/mod_perl-1.23-3.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/php-3.0.17-1.6.0.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/php-imap-3.0.17-1.6.0.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/php-manual-3.0.17-1.6.0.alpha.rpm
sparc:
ftp://updates.redhat.com/6.2/sparc/apache-1.3.14-2.6.2.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/apache-devel-1.3.14-2.6.2.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/apache-manual-1.3.14-2.6.2.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/mod_perl-1.23-3.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/php-3.0.17-1.6.0.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/php-imap-3.0.17-1.6.0.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/php-manual-3.0.17-1.6.0.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/php-pgsql-3.0.17-1.6.0.sparc.rpm
i386:
ftp://updates.redhat.com/6.2/i386/apache-1.3.14-2.6.2.i386.rpm
ftp://updates.redhat.com/6.2/i386/apache-devel-1.3.14-2.6.2.i386.rpm
ftp://updates.redhat.com/6.2/i386/apache-manual-1.3.14-2.6.2.i386.rpm
ftp://updates.redhat.com/6.2/i386/mod_perl-1.23-3.i386.rpm
ftp://updates.redhat.com/6.2/i386/php-3.0.17-1.6.0.i386.rpm
ftp://updates.redhat.com/6.2/i386/php-imap-3.0.17-1.6.0.i386.rpm
ftp://updates.redhat.com/6.2/i386/php-manual-3.0.17-1.6.0.i386.rpm
ftp://updates.redhat.com/6.2/i386/php-pgsql-3.0.17-1.6.0.i386.rpm
sources:
ftp://updates.redhat.com/6.2/SRPMS/apache-1.3.14-2.6.2.src.rpm
ftp://updates.redhat.com/6.2/SRPMS/mod_perl-1.23-3.src.rpm
ftp://updates.redhat.com/6.2/SRPMS/php-3.0.17-1.6.0.src.rpm

Red Hat Linux 6.1:
alpha:
ftp://updates.redhat.com/6.2/alpha/apache-1.3.14-2.6.2.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/apache-devel-1.3.14-2.6.2.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/apache-manual-1.3.14-2.6.2.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/auth_ldap-1.4.0-3.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/mod_perl-1.23-3.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/php-3.0.17-1.6.1.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/php-imap-3.0.17-1.6.1.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/php-ldap-3.0.17-1.6.1.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/php-manual-3.0.17-1.6.1.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/php-pgsql-3.0.17-1.6.1.alpha.rpm
sparc:
ftp://updates.redhat.com/6.2/sparc/apache-1.3.14-2.6.2.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/apache-devel-1.3.14-2.6.2.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/apache-manual-1.3.14-2.6.2.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/auth_ldap-1.4.0-3.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/mod_perl-1.23-3.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/php-3.0.17-1.6.1.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/php-imap-3.0.17-1.6.1.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/php-ldap-3.0.17-1.6.1.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/php-manual-3.0.17-1.6.1.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/php-pgsql-3.0.17-1.6.1.sparc.rpm
i386:
ftp://updates.redhat.com/6.2/i386/apache-1.3.14-2.6.2.i386.rpm
ftp://updates.redhat.com/6.2/i386/apache-devel-1.3.14-2.6.2.i386.rpm
ftp://updates.redhat.com/6.2/i386/apache-manual-1.3.14-2.6.2.i386.rpm
ftp://updates.redhat.com/6.2/i386/auth_ldap-1.4.0-3.i386.rpm
ftp://updates.redhat.com/6.2/i386/mod_perl-1.23-3.i386.rpm
ftp://updates.redhat.com/6.2/i386/php-3.0.17-1.6.1.i386.rpm
ftp://updates.redhat.com/6.2/i386/php-imap-3.0.17-1.6.1.i386.rpm
ftp://updates.redhat.com/6.2/i386/php-ldap-3.0.17-1.6.1.i386.rpm
ftp://updates.redhat.com/6.2/i386/php-manual-3.0.17-1.6.1.i386.rpm
ftp://updates.redhat.com/6.2/i386/php-pgsql-3.0.17-1.6.1.i386.rpm
sources:
ftp://updates.redhat.com/6.2/SRPMS/apache-1.3.14-2.6.2.src.rpm
ftp://updates.redhat.com/6.2/SRPMS/auth_ldap-1.4.0-3.src.rpm
ftp://updates.redhat.com/6.2/SRPMS/mod_perl-1.23-3.src.rpm
ftp://updates.redhat.com/6.2/SRPMS/php-3.0.17-1.6.1.src.rpm

Red Hat Linux 6.2:
alpha:
ftp://updates.redhat.com/6.2/alpha/apache-1.3.14-2.6.2.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/apache-devel-1.3.14-2.6.2.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/apache-manual-1.3.14-2.6.2.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/auth_ldap-1.4.0-3.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/mod_perl-1.23-3.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/php-3.0.17-1.6.2.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/php-imap-3.0.17-1.6.2.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/php-ldap-3.0.17-1.6.2.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/php-manual-3.0.17-1.6.2.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/php-pgsql-3.0.17-1.6.2.alpha.rpm
sparc:
ftp://updates.redhat.com/6.2/sparc/apache-1.3.14-2.6.2.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/apache-devel-1.3.14-2.6.2.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/apache-manual-1.3.14-2.6.2.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/auth_ldap-1.4.0-3.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/mod_perl-1.23-3.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/php-3.0.17-1.6.2.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/php-imap-3.0.17-1.6.2.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/php-ldap-3.0.17-1.6.2.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/php-manual-3.0.17-1.6.2.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/php-pgsql-3.0.17-1.6.2.sparc.rpm
i386:
ftp://updates.redhat.com/6.2/i386/apache-1.3.14-2.6.2.i386.rpm
ftp://updates.redhat.com/6.2/i386/apache-devel-1.3.14-2.6.2.i386.rpm
ftp://updates.redhat.com/6.2/i386/apache-manual-1.3.14-2.6.2.i386.rpm
ftp://updates.redhat.com/6.2/i386/auth_ldap-1.4.0-3.i386.rpm
ftp://updates.redhat.com/6.2/i386/mod_perl-1.23-3.i386.rpm
ftp://updates.redhat.com/6.2/i386/php-3.0.17-1.6.2.i386.rpm
ftp://updates.redhat.com/6.2/i386/php-imap-3.0.17-1.6.2.i386.rpm
ftp://updates.redhat.com/6.2/i386/php-ldap-3.0.17-1.6.2.i386.rpm
ftp://updates.redhat.com/6.2/i386/php-manual-3.0.17-1.6.2.i386.rpm
ftp://updates.redhat.com/6.2/i386/php-pgsql-3.0.17-1.6.2.i386.rpm
sources:
ftp://updates.redhat.com/6.2/SRPMS/apache-1.3.14-2.6.2.src.rpm
ftp://updates.redhat.com/6.2/SRPMS/auth_ldap-1.4.0-3.src.rpm
ftp://updates.redhat.com/6.2/SRPMS/mod_perl-1.23-3.src.rpm
ftp://updates.redhat.com/6.2/SRPMS/php-3.0.17-1.6.2.src.rpm

Red Hat Linux 7.0:
i386:
ftp://updates.redhat.com/7.0/i386/apache-1.3.14-3.i386.rpm
ftp://updates.redhat.com/7.0/i386/apache-devel-1.3.14-3.i386.rpm
ftp://updates.redhat.com/7.0/i386/apache-manual-1.3.14-3.i386.rpm
ftp://updates.redhat.com/7.0/i386/mod_ssl-2.7.1-3.i386.rpm
ftp://updates.redhat.com/7.0/i386/mod_php-4.0.3pl1-1.i386.rpm
ftp://updates.redhat.com/7.0/i386/php-4.0.3pl1-1.i386.rpm
ftp://updates.redhat.com/7.0/i386/php-imap-4.0.3pl1-1.i386.rpm
ftp://updates.redhat.com/7.0/i386/php-ldap-4.0.3pl1-1.i386.rpm
ftp://updates.redhat.com/7.0/i386/php-manual-4.0.3pl1-1.i386.rpm
ftp://updates.redhat.com/7.0/i386/php-mysql-4.0.3pl1-1.i386.rpm
ftp://updates.redhat.com/7.0/i386/php-pgsql-4.0.3pl1-1.i386.rpm
sources:
ftp://updates.redhat.com/7.0/SRPMS/apache-1.3.14-3.src.rpm
ftp://updates.redhat.com/7.0/SRPMS/php-4.0.3pl1-1.src.rpm

Apache Software Foundation Apache 1.3.12
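As a review aid for the interim advice in the Solution above (check the configuration files and do not use rules that map to a filename), the following is an added Python example; it is not part of the advisory and not code from the Apache project. It parses RewriteRule directives, flags the ones whose substitution is an absolute filesystem path assembled from a $N backreference, and checks a version banner against 1.3.14. The httpd.conf fragment, the paths and the rule names are constructed for the example. Whether Apache actually treats a given absolute substitution as a filename is decided by the server at request time, so the output is a list of rules to review by hand, not proof of exploitability.

```python
"""Review aid for the interim advice in the advisory: find RewriteRule
directives whose substitution is a filesystem path assembled from a captured
backreference ($1..$9), and check whether an Apache version banner is at or
past 1.3.14. Added example, not code from the advisory or the Apache project."""
import re
from typing import List, NamedTuple, Set, Tuple


class Finding(NamedTuple):
    lineno: int
    pattern: str
    substitution: str
    note: str


# RewriteRule <pattern> <substitution> [flags]
_RULE_RE = re.compile(r'^\s*RewriteRule\s+(\S+)\s+(\S+)(?:\s+\[([^\]]*)\])?', re.I)
# Directives whose last argument declares a directory as a filesystem location.
_FSROOT_RE = re.compile(
    r'^\s*(?:DocumentRoot|Alias|ScriptAlias)\s+(?:\S+\s+)?"?(/[^"\s]*)"?\s*$', re.I)
_BACKREF_RE = re.compile(r'\$[1-9]')
_SCHEME_RE = re.compile(r'^[a-z][a-z0-9+.-]*://', re.I)
_VER_RE = re.compile(r'Apache/(\d+)\.(\d+)\.(\d+)')


def filesystem_prefixes(config_text: str) -> Set[str]:
    """Directories the config itself declares as filesystem locations, with a trailing '/'."""
    roots = set()
    for line in config_text.splitlines():
        m = _FSROOT_RE.match(line)
        if m:
            roots.add(m.group(1).rstrip('/') + '/')
    return roots


def find_filename_mapping_rules(config_text: str,
                                extra_prefixes: Tuple[str, ...] = ()) -> List[Finding]:
    """Flag rules that build a filesystem path from a backreference.

    Rules that never yield a local filename are skipped: '-' substitutions,
    external redirects (R), proxy (P), forbidden/gone (F/G), absolute URIs and
    relative substitutions (URL-paths). Every remaining absolute-path
    substitution containing a $N backreference is reported; the note says
    whether it sits under a directory the config (or the caller) declares.
    """
    roots = filesystem_prefixes(config_text) | {p.rstrip('/') + '/' for p in extra_prefixes}
    findings: List[Finding] = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = _RULE_RE.match(line)
        if not m:
            continue
        pattern, subst, flags = m.group(1), m.group(2), m.group(3) or ''
        flagset = {f.strip().split('=', 1)[0].upper() for f in flags.split(',') if f.strip()}
        if subst == '-' or flagset & {'R', 'P', 'F', 'G'} or _SCHEME_RE.match(subst):
            continue
        if not subst.startswith('/') or not _BACKREF_RE.search(subst):
            continue
        under = next((r for r in sorted(roots) if subst.startswith(r)), None)
        note = ('under declared filesystem location ' + under) if under else \
            'absolute path not declared elsewhere in the config; confirm whether it is a directory on this host'
        findings.append(Finding(lineno, pattern, subst, note))
    return findings


def apache_version_fixed(banner: str, fixed: Tuple[int, int, int] = (1, 3, 14)) -> bool:
    """True when the Apache/x.y.z token in an `httpd -v` line or Server: header
    is at or past the release the advisory names as the fix. Unparseable input
    returns False so it gets reviewed by hand. Vendor packages that backport the
    fix keep a lower upstream version (e.g. 1.3.12-14cl), so compare their
    release numbers against the vendor lists in the advisory instead."""
    m = _VER_RE.search(banner)
    return bool(m) and tuple(int(x) for x in m.groups()) >= fixed


# Constructed httpd.conf fragment for demonstration; not taken from the advisory.
SAMPLE_CONF = """\
# constructed sample, Apache 1.3 style
DocumentRoot "/usr/local/apache/htdocs"
Alias /icons/ "/usr/local/apache/icons/"
RewriteEngine on
RewriteRule ^/test/(.*) /usr/local/data/test-stuff/$1
RewriteRule ^/old/(.*)$ /new/$1 [R=301,L]
RewriteRule ^/img/(.*)$ /usr/local/apache/icons/$1 [L]
RewriteRule ^/api/(.*)$ http://backend.example/$1 [P]
RewriteRule ^/static/(.*)$ static/$1
RewriteRule ^/index.html$ /usr/local/apache/htdocs/home.html
"""

if __name__ == '__main__':
    for f in find_filename_mapping_rules(SAMPLE_CONF):
        print('line %d: %s -> %s (%s)' % (f.lineno, f.pattern, f.substitution, f.note))
    print('Apache/1.3.12 fixed?', apache_version_fixed('Server version: Apache/1.3.12 (Unix)'))
```

Run it against a real httpd.conf by reading the file into `find_filename_mapping_rules`; pass directories you know exist on the host (for example the targets of rules in included files) as `extra_prefixes` so they are labelled as declared locations. On the constructed sample it reports the `/test/` and `/img/` rules and skips the redirect, proxy, relative and backreference-free rules.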