dcsimg
Linux Today: Linux News On Internet Time.




More on LinuxToday


Caldera Systems Security Advisory: file view vulnerability in mod_rewrite

Oct 11, 2000, 06:41 (0 Talkback[s])

Date: Tue, 10 Oct 2000 15:57:19 -0600
From: Caldera Support Info sup-info@LOCUTUS4.CALDERASYSTEMS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Security Update: file view vulnerability in mod_rewrite


                   Caldera Systems, Inc.  Security Advisory
 
Subject:                file view vulnerability in mod_rewrite
Advisory number:        CSSA-2000-035.0
Issue date:             2000 October, 10
Cross reference:

 
 
1. Problem Description

The Apache HTTP server comes with a module named mod_rewrite which can be used to rewrite URLs presented by the client before further processing.

The processing logic in mod_rewrite contains a flaw that allows attackers to view arbitrary files on the server system.

In the default configuration shipped with OpenLinux, mod_rewrite is disabled.

2. Vulnerable Versions

   System                       Package
   -----------------------------------------------------------
   OpenLinux Desktop 2.3        All packages previous to
                                apache-1.3.4-5
 
   OpenLinux eServer 2.3        All packages previous to
   and OpenLinux eBuilder       apache-1.3.9-5S
 
   OpenLinux eDesktop 2.4       All packages previous to
                                apache-1.3.11-2D
3. Solution

Workaround:

If you haven't enabled mod_rewrite, no action is required on your part. If you do use mod_rewrite, update to the fixed packages.

4. OpenLinux Desktop 2.3

4.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/

The corresponding source code package can be found at:

ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS

4.2 Verification

       c01531115e05d0371db7b1ac83c85b3b  RPMS/apache-1.3.4-5.i386.rpm
       8403e4002988a610c8a0ee11e4b088b1  RPMS/apache-docs-1.3.4-5.i386.rpm
       28a4dc488a42088c1761cbb210a26c9c  SRPMS/apache-1.3.4-5.src.rpm
 
4.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

rpm -Fhv apache-*1.3.4-5.i386.rpm

5. OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0

5.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/

The corresponding source code package can be found at:

ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS

5.2 Verification

       45bd05d80b8c5ca5ef87da39de9c19dd  RPMS/apache-1.3.9-5S.i386.rpm
       0a2043799cdf207f5b797f027a1228a3  RPMS/apache-devel-1.3.9-5S.i386.rpm
       7aa9d9789fb94600439752a72bb525fb  RPMS/apache-docs-1.3.9-5S.i386.rpm
       6305241c58b0185babe1582438aa62e9  SRPMS/apache-1.3.9-5S.src.rpm
 
5.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

rpm -Fhv apache-*1.3.9-5S.i386.rpm

6. OpenLinux eDesktop 2.4

6.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/

The corresponding source code package can be found at:

ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS

6.2 Verification
 
       c303c215facbe330fd454e502a50e798  RPMS/apache-1.3.11-2D.i386.rpm
       a173b7d14a0d0c1badf9e23c6ec3769e  RPMS/apache-devel-1.3.11-2D.i386.rpm
       3c92d84da29b69e8f4b665a17ce2328f  RPMS/apache-docs-1.3.11-2D.i386.rpm
       e9c43b643cb040b97130dcfd3ee17b10  SRPMS/apache-1.3.11-2D.src.rpm
 
6.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

rpm -Fhv apache-*1.3.11-2D.i386.rpm

7. References

This and other Caldera security resources are located at:

http://www.calderasystems.com/support/security/index.html

This security fix closes Caldera's internal Problem Report 7940.

8. Disclaimer

Caldera Systems, Inc. is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera OpenLinux.