• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Apache Mod_Access Access Control Rule Bypass Vulnerability

Solution:
The vendor has addressed this issue, the fix is available through CVS at the following location:
http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/modules/standard/mod_access.c?r1=1.46&r2=1.47

OpenPKG has released an advisory OpenPKG-SA-2004.021 to address this and other issues in Apache. Please see the referenced advisory for more information.

Slackware has released an advisory SSA:2004-133-01 to address this and other issues in Apache. Please see the referenced advisory for more information.

Trustix has released an advisory TSLSA-2004-0027 to address this and other issues in Apache. Please see the referenced advisory for more information.

Mandrake has issused advisory MDKSA-2004:046 and fixes. See reference section for more information.

Mandrake has issued a revised advisory and fixes. See advisory MDKSA-2004:046-1 in the reference section for more information.

Turbolinux has issused advisory TLSA-2004-17 and fixes. See reference section for more information.

Apache Server version 1.3.31 has been released to address this and other issues.

HP has released an advisory (HPSBUX01069) to address this and other issues. Please see the referenced advisory for more information.

Sun has released an alert (Alert ID: 57628) containing preliminary T-patches to address this and other issues in Apache. Please see the advisory in web references for more information.

Sun has released an update to Sun Alert ID: 57628. Patches for Solaris 9.0 have been made available. Patches for Solaris 8.0 are still pending.

Sun has released an update to Sun Alert ID: 57628. T-Patches (T116973-01, T116974-01) are available through normal support channels for Solaris 8 SPARC platform and Solaris 8 x86 platform. Please see the referenced Sun alert for more information.

Oracle has released a Critical Patch Update (Critical Patch Update - July 2005) to address this issue. Currently, it is unknown which exact Oracle products include vulnerable packages. Information regarding obtaining and applying an appropriate patch can be found in the Oracle Critical Patch Update in references.


Sun Solaris 9

• Sun T-patch T113146-05.tar.Z
  http://sunsolve.sun.com/pub-cgi/show.pl?target=security/tpatches


• Sun 113146-05
  http://sunsolve.sun.com/search/pdownload.pl?target=113146-05&method=hs

Sun Solaris 9_x86

• Sun T-patch T114145-04.tar.Z
  http://sunsolve.sun.com/pub-cgi/show.pl?target=security/tpatches


• Sun 114145-04
  http://sunsolve.sun.com/search/pdownload.pl?target=114145-04&method=hs

Apache Software Foundation Apache 1.3

• Apache Software Foundation apache 1.3.31
  http://httpd.apache.org/download.cgi

Apache Software Foundation Apache 1.3.1

• Apache Software Foundation apache 1.3.31
  http://httpd.apache.org/download.cgi

Apache Software Foundation Apache 1.3.11

• Apache Software Foundation apache 1.3.31
  http://httpd.apache.org/download.cgi

Apache Software Foundation Apache 1.3.12

• Apache Software Foundation apache 1.3.31
  http://httpd.apache.org/download.cgi

Apache Software Foundation Apache 1.3.14

• Apache Software Foundation apache 1.3.31
  http://httpd.apache.org/download.cgi

Apache Software Foundation Apache 1.3.17

• Apache Software Foundation apache 1.3.31
  http://httpd.apache.org/download.cgi

Apache Software Foundation Apache 1.3.18

• Apache Software Foundation apache 1.3.31
  http://httpd.apache.org/download.cgi

Apache Software Foundation Apache 1.3.19

• Apache Software Foundation apache 1.3.31
  http://httpd.apache.org/download.cgi

Apache Software Foundation Apache 1.3.20

• Apache Software Foundation apache 1.3.31
  http://httpd.apache.org/download.cgi

Apache Software Foundation Apache 1.3.22

• Apache Software Foundation apache 1.3.31
  http://httpd.apache.org/download.cgi

Apache Software Foundation Apache 1.3.23

• Apache Software Foundation apache 1.3.31
  http://httpd.apache.org/download.cgi

Apache Software Foundation Apache 1.3.24

• Apache Software Foundation apache 1.3.31
  http://httpd.apache.org/download.cgi

Apache Software Foundation Apache 1.3.25

• Apache Software Foundation apache 1.3.31
  http://httpd.apache.org/download.cgi

Apache Software Foundation Apache 1.3.26

• Apache Software Foundation apache 1.3.31
  http://httpd.apache.org/download.cgi


• Mandrake apache-mod_perl-1.3.26_1.27-7.1.C21mdk.i586.rpm
  Mandrake Corporate Server 2.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache-mod_perl-1.3.26_1.27-7.1.C21mdk.x86_64.rpm
  Mandrake Corporate Server 2.1/X86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake HTML-Embperl-1.3.26_1.3.4-7.1.C21mdk.i586.rpm
  Mandrake Corporate Server 2.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake HTML-Embperl-1.3.26_1.3.4-7.1.C21mdk.x86_64.rpm
  Mandrake Corporate Server 2.1/X86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mod_perl-common-1.3.26_1.27-7.1.C21mdk.i586.rpm
  Mandrake Corporate Server 2.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mod_perl-common-1.3.26_1.27-7.1.C21mdk.x86_64.rpm
  Mandrake Corporate Server 2.1/X86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mod_perl-devel-1.3.26_1.27-7.1.C21mdk.i586.rpm
  Mandrake Corporate Server 2.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mod_perl-devel-1.3.26_1.27-7.1.C21mdk.x86_64.rpm
  Mandrake Corporate Server 2.1/X86_64
  http://www.mandrakesecure.net/en/ftp.php

Apache Software Foundation Apache 1.3.27

• Apache Software Foundation apache 1.3.31
  http://httpd.apache.org/download.cgi


• Mandrake apache-mod_perl-1.3.27_1.27-7.1.91mdk.i586.rpm
  Mandrake Linux 9.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache-mod_perl-1.3.27_1.27-7.1.91mdk.ppc.rpm
  Mandrake Linux 9.1/PPC
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake HTML-Embperl-1.3.27_1.3.4-7.1.91mdk.i586.rpm
  Mandrake Linux 9.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake HTML-Embperl-1.3.27_1.3.4-7.1.91mdk.ppc.rpm
  Mandrake Linux 9.1/PPC
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mod_perl-common-1.3.27_1.27-7.1.91mdk.i586.rpm
  Mandrake Linux 9.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mod_perl-common-1.3.27_1.27-7.1.91mdk.ppc.rpm
  Mandrake Linux 9.1/PPC
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mod_perl-devel-1.3.27_1.27-7.1.91mdk.i586.rpm
  Mandrake Linux 9.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mod_perl-devel-1.3.27_1.27-7.1.91mdk.ppc.rpm
  Mandrake Linux 9.1/PPC
  http://www.mandrakesecure.net/en/ftp.php


• TurboLinux apache-1.3.27-23.i386.rpm
  Turbolinux Advanced Server 6
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer /6/ja/updates/RPMS/apache-1.3.27-23.i386.rpm


• TurboLinux apache-1.3.27-23.i386.rpm
  Turbolinux Server 6.1
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/ updates/RPMS/apache-1.3.27-23.i386.rpm


• TurboLinux apache-1.3.27-23.i386.rpm
  Turbolinux Server 6.5
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/upd ates/RPMS/apache-1.3.27-23.i386.rpm


• TurboLinux apache-1.3.27-23.i386.rpm
  Turbolinux Workstation 6.0
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6. 0/ja/updates/RPMS/apache-1.3.27-23.i386.rpm


• TurboLinux apache-1.3.27-23.i586.rpm
  Turbolinux 7 Server
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updat es/RPMS/apache-1.3.27-23.i586.rpm


• TurboLinux apache-1.3.27-23.i586.rpm
  Turbolinux 8 Server
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updat es/RPMS/apache-1.3.27-23.i586.rpm


• TurboLinux apache-1.3.27-23.i586.rpm
  Turbolinux 7 Workstation
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/ updates/RPMS/apache-1.3.27-23.i586.rpm


• TurboLinux apache-1.3.27-23.i586.rpm
  Turbolinux 8 Workstation
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/ updates/RPMS/apache-1.3.27-23.i586.rpm


• TurboLinux apache-devel-1.3.27-23.i386.rpm
  Turbolinux Advanced Server 6
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer /6/ja/updates/RPMS/apache-devel-1.3.27-23.i386.rpm


• TurboLinux apache-devel-1.3.27-23.i386.rpm
  Turbolinux Server 6.1
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/ updates/RPMS/apache-devel-1.3.27-23.i386.rpm


• TurboLinux apache-devel-1.3.27-23.i386.rpm
  Turbolinux Server 6.5
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/upd ates/RPMS/apache-devel-1.3.27-23.i386.rpm


• TurboLinux apache-devel-1.3.27-23.i386.rpm
  Turbolinux Workstation 6.0
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6. 0/ja/updates/RPMS/apache-devel-1.3.27-23.i386.rpm


• TurboLinux apache-devel-1.3.27-23.i586.rpm
  Turbolinux 7 Server
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updat es/RPMS/apache-devel-1.3.27-23.i586.rpm


• TurboLinux apache-devel-1.3.27-23.i586.rpm
  Turbolinux 8 Server
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updat es/RPMS/apache-devel-1.3.27-23.i586.rpm


• TurboLinux apache-devel-1.3.27-23.i586.rpm
  Turbolinux 8 Workstation
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/ updates/RPMS/apache-devel-1.3.27-23.i586.rpm


• TurboLinux apache-manual-1.3.27-23.i386.rpm
  Turbolinux Advanced Server 6
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer /6/ja/updates/RPMS/apache-manual-1.3.27-23.i386.rpm


• TurboLinux apache-manual-1.3.27-23.i386.rpm
  Turbolinux Server 6.1
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/ updates/RPMS/apache-manual-1.3.27-23.i386.rpm


• TurboLinux apache-manual-1.3.27-23.i386.rpm
  Turbolinux Server 6.5
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/upd ates/RPMS/apache-manual-1.3.27-23.i386.rpm


• TurboLinux apache-manual-1.3.27-23.i386.rpm
  Turbolinux Workstation 6.0
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6. 0/ja/updates/RPMS/apache-manual-1.3.27-23.i386.rpm


• TurboLinux apache-manual-1.3.27-23.i586.rpm
  Turbolinux 7 Server
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updat es/RPMS/apache-manual-1.3.27-23.i586.rpm


• TurboLinux apache-manual-1.3.27-23.i586.rpm
  Turbolinux 8 Server
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updat es/RPMS/apache-manual-1.3.27-23.i586.rpm


• TurboLinux apache-manual-1.3.27-23.i586.rpm
  Turbolinux 7 Workstation
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/ updates/RPMS/apache-manual-1.3.27-23.i586.rpm


• TurboLinux apache-manual-1.3.27-23.i586.rpm
  Turbolinux 8 Workstation
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/ updates/RPMS/apache-manual-1.3.27-23.i586.rpm


• TurboLinux mod_ssl-2.8.14-23.i386.rpm
  Turbolinux Advanced Server 6
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer /6/ja/updates/RPMS/mod_ssl-2.8.14-23.i386.rpm


• TurboLinux mod_ssl-2.8.14-23.i386.rpm
  Turbolinux Server 6.1
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/ updates/RPMS/mod_ssl-2.8.14-23.i386.rpm


• TurboLinux mod_ssl-2.8.14-23.i386.rpm
  Turbolinux Server 6.5
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/upd ates/RPMS/mod_ssl-2.8.14-23.i386.rpm


• TurboLinux mod_ssl-2.8.14-23.i586.rpm
  Turbolinux 7 Server
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updat es/RPMS/mod_ssl-2.8.14-23.i586.rpm


• TurboLinux mod_ssl-2.8.14-23.i586.rpm
  Turbolinux 8 Server
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updat es/RPMS/mod_ssl-2.8.14-23.i586.rpm


• TurboLinux mod_ssl-2.8.14-23.i586.rpm
  Turbolinux 7 Workstation
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/ updates/RPMS/mod_ssl-2.8.14-23.i586.rpm


• TurboLinux mod_ssl-2.8.14-23.i586.rpm
  Turbolinux 8 Workstation
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/ updates/RPMS/mod_ssl-2.8.14-23.i586.rpm

Apache Software Foundation Apache 1.3.28

• Apache Software Foundation apache 1.3.31
  http://httpd.apache.org/download.cgi


• Mandrake apache-mod_perl-1.3.28_1.28-1.1.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache-mod_perl-1.3.28_1.28-1.1.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake HTML-Embperl-1.3.28_1.3.4-1.1.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake HTML-Embperl-1.3.28_1.3.4-1.1.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mod_perl-common-1.3.28_1.28-1.1.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mod_perl-common-1.3.28_1.28-1.1.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mod_perl-devel-1.3.28_1.28-1.1.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mod_perl-devel-1.3.28_1.28-1.1.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php

Apache Software Foundation Apache 1.3.29

• Apache Software Foundation apache 1.3.31
  http://httpd.apache.org/download.cgi


• Mandrake apache-mod_perl-1.3.29_1.29-3.1.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache-mod_perl-1.3.29_1.29-3.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake HTML-Embperl-1.3.29_1.3.6-3.1.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake HTML-Embperl-1.3.29_1.3.6-3.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mod_perl-common-1.3.29_1.29-3.1.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mod_perl-common-1.3.29_1.29-3.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mod_perl-devel-1.3.29_1.29-3.1.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mod_perl-devel-1.3.29_1.29-3.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Slackware apache-1.3.29-i386-2.tgz
  Updated package for Slackware 8.1:
  ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/a pache-1.3.29-i386-2.tgz


• Slackware apache-1.3.29-i386-2.tgz for Slackware 9.0
  Updated package for Slackware 9.0
  ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/a pache-1.3.29-i386-2.tgz


• Slackware apache-1.3.29-i486-2.tgz
  Updated package for Slackware 9.1
  ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/a pache-1.3.29-i486-2.tgz

Apache Software Foundation Apache 1.3.3

• Apache Software Foundation apache 1.3.31
  http://httpd.apache.org/download.cgi

Apache Software Foundation Apache 1.3.4

• Apache Software Foundation apache 1.3.31
  http://httpd.apache.org/download.cgi

Apache Software Foundation Apache 1.3.6

• Apache Software Foundation apache 1.3.31
  http://httpd.apache.org/download.cgi

Apache Software Foundation Apache 1.3.7 -dev

• Apache Software Foundation apache 1.3.31
  http://httpd.apache.org/download.cgi

Apache Software Foundation Apache 1.3.9

• Apache Software Foundation apache 1.3.31
  http://httpd.apache.org/download.cgi