• info
• discussion
• exploit
• solution
• references

Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability

Solution:
This vulnerability does not affect Apache 2.0.45. Users are advised to upgrade. The Apache Software Foundation has also provided a patch for Apache 2.0.44.


HP HP-UX Apache-Based Web Server 1.0 .01

• HP hp-ux apache-based web server v.1.0.03.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE


• HP hp-ux apache-based web server v.1.0.07.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE

HP HP-UX Apache-Based Web Server 1.0 .02.01

• HP hp-ux apache-based web server v.1.0.03.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE


• HP hp-ux apache-based web server v.1.0.07.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE

HP HP-UX Apache-Based Web Server 1.0.1 .01

• HP hp-ux apache-based web server v.1.0.03.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE


• HP hp-ux apache-based web server v.1.0.07.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE

Apache Software Foundation Apache 2.0

• Apache Software Foundation Apache httpd 2.0.45
  http://www.apache.org/dist/httpd/

Apache Software Foundation Apache 2.0 a9

• Apache Software Foundation Apache httpd 2.0.45
  http://www.apache.org/dist/httpd/

Apache Software Foundation Apache 2.0.28

• Apache Software Foundation Apache httpd 2.0.45
  http://www.apache.org/dist/httpd/

Apache Software Foundation Apache 2.0.32

• Apache Software Foundation Apache httpd 2.0.45
  http://www.apache.org/dist/httpd/

Apache Software Foundation Apache 2.0.35

• Apache Software Foundation Apache httpd 2.0.45
  http://www.apache.org/dist/httpd/

Apache Software Foundation Apache 2.0.36

• Apache Software Foundation Apache httpd 2.0.45
  http://www.apache.org/dist/httpd/

Apache Software Foundation Apache 2.0.37

• Apache Software Foundation Apache httpd 2.0.45
  http://www.apache.org/dist/httpd/

Apache Software Foundation Apache 2.0.38

• Apache Software Foundation Apache httpd 2.0.45
  http://www.apache.org/dist/httpd/

Apache Software Foundation Apache 2.0.39

• Apache Software Foundation Apache httpd 2.0.45
  http://www.apache.org/dist/httpd/

Apache Software Foundation Apache 2.0.40

• Apache Software Foundation Apache httpd 2.0.45
  http://www.apache.org/dist/httpd/


• Conectiva apache-2.0.45-28790U90_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-2.0.45-28790U90_1cl. i386.rpm


• Conectiva apache-devel-2.0.45-28790U90_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-devel-2.0.45-28790U9 0_1cl.i386.rpm


• Conectiva apache-doc-2.0.45-28790U90_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-doc-2.0.45-28790U90_ 1cl.i386.rpm


• Conectiva apache-htpasswd-2.0.45-28790U90_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-htpasswd-2.0.45-2879 0U90_1cl.i386.rpm


• Conectiva libapr-devel-2.0.45-28790U90_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr-devel-2.0.45-28790U9 0_1cl.i386.rpm


• Conectiva libapr-devel-static-2.0.45-28790U90_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr-devel-static-2.0.45- 28790U90_1cl.i386.rpm


• Conectiva libapr0-2.0.45-28790U90_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr0-2.0.45-28790U90_1cl .i386.rpm


• Red Hat httpd-2.0.40-11.3.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/httpd-2.0.40-11.3.i386.rpm


• Red Hat httpd-2.0.40-21.1.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/httpd-2.0.40-21.1.i386.rpm


• Red Hat httpd-devel-2.0.40-11.3.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/httpd-devel-2.0.40-11.3.i386.r pm


• Red Hat httpd-devel-2.0.40-21.1.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/httpd-devel-2.0.40-21.1.i386.rpm


• Red Hat httpd-manual-2.0.40-11.3.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/httpd-manual-2.0.40-11.3.i386. rpm


• Red Hat httpd-manual-2.0.40-21.1.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/httpd-manual-2.0.40-21.1.i386.rp m


• Red Hat mod_ssl-2.0.40-11.3.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/mod_ssl-2.0.40-11.3.i386.rpm


• Red Hat mod_ssl-2.0.40-21.1.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/mod_ssl-2.0.40-21.1.i386.rpm

Apache Software Foundation Apache 2.0.41

• Apache Software Foundation Apache httpd 2.0.45
  http://www.apache.org/dist/httpd/

Apache Software Foundation Apache 2.0.42

• Apache Software Foundation Apache httpd 2.0.45
  http://www.apache.org/dist/httpd/

HP Apache-Based Web Server 2.0.43 .04

• HP hp-ux apache-based web server v.1.0.07.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE

HP Apache-Based Web Server 2.0.43 .00

• HP hp-ux apache-based web server v.1.0.07.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE

Apache Software Foundation Apache 2.0.43

• Apache Software Foundation Apache httpd 2.0.45
  http://www.apache.org/dist/httpd/

Apache Software Foundation Apache 2.0.44

• Apache Software Foundation denial_of_service_fix.patch
  Source patch for Apache 2.0.44.
  http://www.apache.org/dist/httpd/patches/apply_to_2.0.44/denial_of_ser vice_fix.patch


• Apache Software Foundation Apache httpd 2.0.45
  http://www.apache.org/dist/httpd/