• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Focus On: Vista
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns

• info
• discussion
• exploit
• solution
• references

Apache APR_PSPrintf Memory Corruption Vulnerability

Solution:
This issue has been addressed in Apache 2.0.46. Users are advised to upgrade.

Red Hat has released an advisory (RHSA-2003:186-01) which addresses this issue. Please see the attached advisory for details on obtaining and applying fixes.

Gentoo Linux users who are running net-www/apache-2.x may upgrade to apache-2.0.46 with the following commands:

emerge sync
emerge apache
emerge clean

Apple has released a security update to address this issue. Users are advised to upgrade as soon as possible. The fix can be downloaded or can be automatically applied by using Software Update pane in the System Preferences.

HP has released advisory HPSBUX0307-269 to address this issue.

Fixes are available:


RedHat httpd-manual-2.0.40-21.i386.rpm

• Red Hat httpd-manual-2.0.40-21.3.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/httpd-manual-2.0.40-21.3.i386.rp m

RedHat httpd-2.0.40-8.i386.rpm

• Red Hat httpd-2.0.40-11.5.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/httpd-2.0.40-11.5.i386.rpm

RedHat httpd-2.0.40-21.i386.rpm

• Red Hat httpd-2.0.40-21.3.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/httpd-2.0.40-21.3.i386.rpm

RedHat httpd-manual-2.0.40-8.i386.rpm

• Red Hat httpd-manual-2.0.40-11.5.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/httpd-manual-2.0.40-11.5.i386. rpm

RedHat httpd-devel-2.0.40-21.i386.rpm

• Red Hat httpd-devel-2.0.40-21.3.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/httpd-devel-2.0.40-21.3.i386.rpm

RedHat httpd-devel-2.0.40-8.i386.rpm

• Red Hat httpd-devel-2.0.40-11.5.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/httpd-devel-2.0.40-11.5.i386.r pm

RedHat mod_ssl-2.0.40-8.i386.rpm

• Red Hat mod_ssl-2.0.40-11.5.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/mod_ssl-2.0.40-11.5.i386.rpm

RedHat mod_ssl-2.0.40-21.i386.rpm

• Red Hat mod_ssl-2.0.40-21.3.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/mod_ssl-2.0.40-21.3.i386.rpm

HP HP-UX Apache-Based Web Server 1.0 .04.01

• HP hp-ux apache-based web server v.1.0.06.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE


• HP hp-ux apache-based web server v.1.0.07.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE

HP HP-UX Apache-Based Web Server 1.0 .05.01

• HP hp-ux apache-based web server v.1.0.06.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE


• HP hp-ux apache-based web server v.1.0.07.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE

HP HP-UX Apache-Based Web Server 1.0 .01

• HP hp-ux apache-based web server v.1.0.06.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE


• HP hp-ux apache-based web server v.1.0.07.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE

HP HP-UX Apache-Based Web Server 1.0 .03.01

• HP hp-ux apache-based web server v.1.0.06.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE


• HP hp-ux apache-based web server v.1.0.07.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE

HP HP-UX Apache-Based Web Server 1.0 .02.01

• HP hp-ux apache-based web server v.1.0.06.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE


• HP hp-ux apache-based web server v.1.0.07.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE

HP HP-UX Apache-Based Web Server 1.0.1 .01

• HP hp-ux apache-based web server v.1.0.06.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE


• HP hp-ux apache-based web server v.1.0.07.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE

HP Apache-Based Web Server 1.3.27 .01

• HP hp-ux apache-based web server v.1.0.06.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE


• HP hp-ux apache-based web server v.1.0.07.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE

HP Apache-Based Web Server 1.3.27 .00

• HP hp-ux apache-based web server v.1.0.06.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE


• HP hp-ux apache-based web server v.1.0.07.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE

HP Apache-Based Web Server 1.3.27 .02

• HP hp-ux apache-based web server v.1.0.06.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE


• HP hp-ux apache-based web server v.1.0.07.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE

Apache Software Foundation Apache 2.0.37

• Apache Software Foundation Apache httpd 2.0.46
  http://www.apache.org/dist/httpd/

Apache Software Foundation Apache 2.0.38

• Apache Software Foundation Apache httpd 2.0.46
  http://www.apache.org/dist/httpd/

Apache Software Foundation Apache 2.0.39

• Apache Software Foundation Apache httpd 2.0.46
  http://www.apache.org/dist/httpd/

Apache Software Foundation Apache 2.0.40

• Apache Software Foundation Apache httpd 2.0.46
  http://www.apache.org/dist/httpd/

Apache Software Foundation Apache 2.0.41

• Apache Software Foundation Apache httpd 2.0.46
  http://www.apache.org/dist/httpd/

Apache Software Foundation Apache 2.0.42

• Apache Software Foundation Apache httpd 2.0.46
  http://www.apache.org/dist/httpd/

HP Apache-Based Web Server 2.0.43 .04

• HP hp-ux apache-based web server v.1.0.06.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE


• HP hp-ux apache-based web server v.1.0.07.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE

HP Apache-Based Web Server 2.0.43 .00

• HP hp-ux apache-based web server v.1.0.06.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE


• HP hp-ux apache-based web server v.1.0.07.01
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProdu ctInfo.pl?productNumber=HPUXWSSUITE

Apache Software Foundation Apache 2.0.43

• Apache Software Foundation Apache httpd 2.0.46
  http://www.apache.org/dist/httpd/

Apache Software Foundation Apache 2.0.44

• Apache Software Foundation Apache httpd 2.0.46
  http://www.apache.org/dist/httpd/


• Mandrake apache-conf-2.0.45-2.1mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache-conf-2.0.45-2.1mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-2.0.45-4.3mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-2.0.45-4.3mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-common-2.0.45-4.3mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-common-2.0.45-4.3mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-devel-2.0.45-4.3mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-devel-2.0.45-4.3mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-manual-2.0.45-4.3mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-manual-2.0.45-4.3mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-mod_dav-2.0.45-4.3mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-mod_dav-2.0.45-4.3mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-mod_ldap-2.0.45-4.3mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-mod_ldap-2.0.45-4.3mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-mod_ssl-2.0.45-4.3mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-mod_ssl-2.0.45-4.3mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-modules-2.0.45-4.3mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-modules-2.0.45-4.3mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-source-2.0.45-4.3mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-source-2.0.45-4.3mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libapr0-2.0.45-4.3mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libapr0-2.0.45-4.3mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php

Apache Software Foundation Apache 2.0.45

• Apache Software Foundation Apache httpd 2.0.46
  http://www.apache.org/dist/httpd/


• Apple SecurityUpd2003-06-12.dmg
  http://www.info.apple.com/kbnum/n120215


• Conectiva apache-2.0.45-28790U90_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-2.0.45-28790U90_2cl. i386.rpm


• Conectiva apache-devel-2.0.45-28790U90_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-devel-2.0.45-28790U9 0_2cl.i386.rpm


• Conectiva apache-doc-2.0.45-28790U90_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-doc-2.0.45-28790U90_ 2cl.i386.rpm


• Conectiva apache-htpasswd-2.0.45-28790U90_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-htpasswd-2.0.45-2879 0U90_2cl.i386.rpm


• Conectiva libapr-devel-2.0.45-28790U90_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr-devel-2.0.45-28790U9 0_2cl.i386.rpm


• Conectiva libapr-devel-static-2.0.45-28790U90_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr-devel-static-2.0.45- 28790U90_2cl.i386.rpm


• Conectiva libapr0-2.0.45-28790U90_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr0-2.0.45-28790U90_2cl .i386.rpm


• Conectiva mod_auth_ldap-2.0.45-28790U90_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/mod_auth_ldap-2.0.45-28790U 90_2cl.i386.rpm


• Conectiva mod_dav-2.0.45-28790U90_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/mod_dav-2.0.45-28790U90_2cl .i386.rpm