Date: Tue, 10 Oct 2000 15:57:19 -0600
From: Caldera Support Info sup-info@LOCUTUS4.CALDERASYSTEMS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Security Update: file view vulnerability in mod_rewrite
Caldera Systems, Inc. Security Advisory

Subject: file view vulnerability in mod_rewrite
Advisory number: CSSA-2000-035.0
Issue date: 2000 October, 10
Cross reference:
1. Problem Description
The Apache HTTP server comes with a module named mod_rewrite
which can be used to rewrite URLs presented by the client before
further processing.
The processing logic in mod_rewrite contains a flaw that allows
attackers to view arbitrary files on the server system.
In the default configuration shipped with OpenLinux, mod_rewrite
is disabled.
2. Vulnerable Versions
   System                          Package
   -----------------------------------------------------------
   OpenLinux Desktop 2.3           All packages previous to
                                   apache-1.3.4-5

   OpenLinux eServer 2.3           All packages previous to
   and OpenLinux eBuilder          apache-1.3.9-5S

   OpenLinux eDesktop 2.4          All packages previous to
                                   apache-1.3.11-2D
3. Solution
Workaround:
If you haven’t enabled mod_rewrite, no action is required on
your part. If you do use mod_rewrite, update to the fixed
packages.
4. OpenLinux Desktop 2.3
4.1 Location of Fixed Packages
The upgrade packages can be found on Caldera’s FTP site at:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS
4.2 Verification
c01531115e05d0371db7b1ac83c85b3b RPMS/apache-1.3.4-5.i386.rpm
8403e4002988a610c8a0ee11e4b088b1 RPMS/apache-docs-1.3.4-5.i386.rpm
28a4dc488a42088c1761cbb210a26c9c SRPMS/apache-1.3.4-5.src.rpm
4.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fhv apache-*1.3.4-5.i386.rpm
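As an added example that is not part of the Caldera advisory, the following POSIX shell script automates the two checks an administrator would make before following this procedure: whether mod_rewrite is actually enabled in an Apache 1.3 httpd.conf (the condition for the workaround in section 3) and whether the downloaded packages match the MD5 sums from the Verification section before `rpm -Fhv` is run. The httpd.conf fragments, the package file and its hash are constructed fixtures; the rpm command is only printed, not executed.

```shell
#!/bin/sh
# Added example for CSSA-2000-035.0 (not Caldera's code). Fixtures below are
# constructed so the script runs offline; the hash belongs to the stand-in file.

# Return 0 if an uncommented LoadModule/AddModule line for mod_rewrite exists
# in the given Apache 1.3 config. The ^[[:space:]]* anchor skips '#' comments.
# (Statically compiled modules would instead show up in `httpd -l`.)
mod_rewrite_enabled() {
    grep -Eiq '^[[:space:]]*(LoadModule[[:space:]]+rewrite_module|AddModule[[:space:]]+mod_rewrite\.c)' "$1"
}

# Return 0 only if every "md5 path" line in $1 matches a file under $2.
# Computes sums directly instead of `md5sum -c`, so the advisory's
# single-space "hash path" lines can be pasted in unchanged.
verify_sums() {
    sums=$1; dir=$2; bad=0
    while read -r expected path; do
        [ -n "$expected" ] || continue
        f="$dir/$path"
        if [ ! -f "$f" ]; then
            echo "MISSING  $path"; bad=1; continue
        fi
        actual=$(md5sum "$f" | cut -d' ' -f1)
        if [ "$actual" = "$expected" ]; then
            echo "OK       $path"
        else
            echo "MISMATCH $path (got $actual)"; bad=1
        fi
    done < "$sums"
    return $bad
}

# --- constructed fixtures (not real OpenLinux files) ---
work=$(mktemp -d)
mkdir -p "$work/RPMS"
printf '#AddModule mod_rewrite.c\nAddModule mod_rewrite.c\n' > "$work/enabled.conf"
printf '#LoadModule rewrite_module libexec/mod_rewrite.so\n#AddModule mod_rewrite.c\n' > "$work/disabled.conf"
printf 'hello\n' > "$work/RPMS/apache-1.3.4-5.i386.rpm"   # stand-in, not the real RPM
# MD5 of "hello\n" is b1946ac92492d2347c6235b4d2611184
echo 'b1946ac92492d2347c6235b4d2611184 RPMS/apache-1.3.4-5.i386.rpm' > "$work/good.sums"
echo '00000000000000000000000000000000 RPMS/apache-1.3.4-5.i386.rpm' > "$work/bad.sums"

# Typical use: upgrade only when every sum matches (rpm call shown, not run).
if verify_sums "$work/good.sums" "$work"; then
    echo "would run: (cd $work/RPMS && rpm -Fhv apache-*1.3.4-5.i386.rpm)"
fi
```

In real use, replace the fixtures with the advisory's Verification lines saved to a file and the directory the RPMs were downloaded into.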
5. OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0
5.1 Location of Fixed Packages
The upgrade packages can be found on Caldera’s FTP site at:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS
5.2 Verification
45bd05d80b8c5ca5ef87da39de9c19dd RPMS/apache-1.3.9-5S.i386.rpm
0a2043799cdf207f5b797f027a1228a3 RPMS/apache-devel-1.3.9-5S.i386.rpm
7aa9d9789fb94600439752a72bb525fb RPMS/apache-docs-1.3.9-5S.i386.rpm
6305241c58b0185babe1582438aa62e9 SRPMS/apache-1.3.9-5S.src.rpm
5.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fhv apache-*1.3.9-5S.i386.rpm
6. OpenLinux eDesktop 2.4
6.1 Location of Fixed Packages
The upgrade packages can be found on Caldera’s FTP site at:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS
6.2 Verification
c303c215facbe330fd454e502a50e798 RPMS/apache-1.3.11-2D.i386.rpm
a173b7d14a0d0c1badf9e23c6ec3769e RPMS/apache-devel-1.3.11-2D.i386.rpm
3c92d84da29b69e8f4b665a17ce2328f RPMS/apache-docs-1.3.11-2D.i386.rpm
e9c43b643cb040b97130dcfd3ee17b10 SRPMS/apache-1.3.11-2D.src.rpm
6.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fhv apache-*1.3.11-2D.i386.rpm
7. References
This and other Caldera security resources are located at:
http://www.calderasystems.com/support/security/index.html
This security fix closes Caldera’s internal Problem Report 7940.
8. Disclaimer
Caldera Systems, Inc. is not responsible for the misuse of any
of the information we provide on this website and/or through our
security advisories. Our advisories are a service to our customers
intended to promote secure installation and use of Caldera
OpenLinux.