Vulnerability Details
Apache Web Server Security Vulnerability
- CNNVD ID: CNNVD-200207-041
- Severity: High
- CVE ID: CVE-2002-0392
- Vulnerability type: Other
- Published: 2002-06-18
- Threat type: Remote
- Updated: 2021-07-16
- Vendor: apache
- Source: Mark Litchfield※ m...
Vulnerability Description
Apache Web Server is a very popular, powerful open-source web server program developed and maintained by the Apache Software Foundation. It runs on many operating system platforms, such as Unix/Linux/BSD systems and Windows.

Apache has a design flaw in its handling of HTTP requests that transfer data with chunked encoding. A remote attacker may exploit this flaw to execute arbitrary instructions with the privileges of the web server process on certain Apache servers, or to mount a denial-of-service attack.

Chunked encoding is a transfer method defined in the HTTP 1.1 protocol by which a web client submits data to the server. When the server receives data in chunked encoding it allocates a buffer to hold it; if the total size of the submitted data is unknown, the client submits it to the server in chunks of a negotiated size. Apache supports chunked encoding by default.

Apache stores the chunk length in a signed variable and allocates a fixed-size stack buffer to hold the chunk data. As a safety measure, before copying the chunk data into the buffer Apache checks the chunk length: if the chunk length is greater than the buffer length, Apache copies at most the buffer length of data; otherwise it copies according to the chunk length. However, this check does not convert the chunk length to an unsigned type before comparing, so if an attacker sets the chunk length to a negative value the check is bypassed and Apache copies an oversized chunk (at least >0x80000000 bytes) into the buffer, causing a buffer overflow.

For Apache versions 1.3 through 1.3.24 (inclusive), it has been confirmed that on Win32 a remote attacker may exploit this vulnerability to execute arbitrary code. On UNIX, code execution has been confirmed at least on OpenBSD. The following systems are also reported to be exploitable:

* Sun Solaris 6-8 (sparc/x86)
* FreeBSD 4.3-4.5 (x86)
* OpenBSD 2.6-3.1 (x86)
* Linux (GNU) 2.4 (x86)

For Apache 2.0 through 2.0.36 (inclusive), the same problem code exists, but the server detects the error condition and makes the child process exit. Depending on various factors, including the threading model supported by the affected system, this vulnerability can cause a denial of service in Apache web servers running on various operating systems.
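The signed-comparison flaw described above, as an added illustration constructed for this page (it is not Apache's source code): a naive copy-length check evaluated in signed arithmetic, beside a hardened chunk-size parser that validates in unsigned arithmetic. The buffer size `CHUNK_BUF_SIZE` and the function names are assumptions. Nothing is copied; both functions only return the length a copy would use, so the negative-length case can be observed safely.

```c
#include <ctype.h>
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed size of the fixed stack buffer that receives chunk data. */
#define CHUNK_BUF_SIZE 8192UL

/* Vulnerable pattern in the shape the advisory describes (constructed, not
 * Apache's code). The chunk-size line is parsed into a signed long and the
 * "larger than the buffer?" clamp is evaluated in signed arithmetic. A
 * negative length is never "greater than" the buffer, so it passes the
 * clamp, and the conversion to size_t turns it into a huge copy length.
 * Returns the length the copy would use; nothing is copied. */
size_t vulnerable_copy_len(const char *size_line)
{
    long len = strtol(size_line, NULL, 16);
    if (len > (long)CHUNK_BUF_SIZE)
        return CHUNK_BUF_SIZE;      /* clamp catches only positive overshoot */
    return (size_t)len;             /* "-1" becomes SIZE_MAX here */
}

/* Hardened version: parse as unsigned, reject a sign, stray characters and
 * overflow, and clamp in unsigned arithmetic. Returns the copy length
 * (0..CHUNK_BUF_SIZE) or -1 if the chunk-size line is rejected. */
long checked_copy_len(const char *size_line)
{
    char *end;
    unsigned long val;

    /* strtoul() silently accepts "-1" and wraps it to ULONG_MAX, so insist
     * on a hex digit in the first position (no sign, no leading space). */
    if (!isxdigit((unsigned char)size_line[0]))
        return -1;

    errno = 0;
    val = strtoul(size_line, &end, 16);
    if (errno == ERANGE)
        return -1;                  /* does not fit in unsigned long */

    /* An HTTP/1.1 chunk-size line may carry a ";extension" and ends in
     * CRLF; anything else after the digits is malformed. */
    if (*end != '\0' && *end != ';' && *end != '\r' && *end != '\n')
        return -1;

    if (val > CHUNK_BUF_SIZE)
        val = CHUNK_BUF_SIZE;       /* bounded copy, as the check intended */
    return (long)val;
}

int main(void)
{
    /* Constructed chunk-size lines, including the negative value the
     * advisory describes. */
    const char *samples[] = { "10", "3000", "FFFFFF", "-1", " 1", "zz" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("%-8s vulnerable=%zu checked=%ld\n", samples[i],
               vulnerable_copy_len(samples[i]), checked_copy_len(samples[i]));
    }
    return 0;
}
```

The lesson for reviewers is the pairing: a clamp written as `if (len > LIMIT)` on a signed value only protects against positive overshoot, so the length must be validated as unsigned (and the parser must refuse a sign) before any bounded copy is derived from it.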
Vulnerability Bulletin
Workaround:
There is no good workaround for this vulnerability. Since working exploit code has already been published, we recommend upgrading to the latest Apache version immediately.
Vendor patches:
Apache Group
------------
Apache Group has released a security bulletin (SB-20020617) and corresponding upgrades for this issue:
SB-20020617: Apache httpd: vulnerability with chunked encoding
Link:
http://httpd.apache.org/info/security_bulletin_20020617.txt
You can download the latest versions from the following address:
Apache 1.3.26:
Apache 2.0.39:
http://www.apache.org/dist/httpd/
Debian
------
Debian has released a security advisory (DSA-131-1) and corresponding patches for this issue:
DSA-131-1: Apache chunk handling vulnerability
Link:
http://www.debian.org/security/2002/dsa-131
Patch downloads:
Source archives:
http://security.debian.org/dists/stable/updates/main/source/apache_1.3.9-14.1.diff.gz
http://security.debian.org/dists/stable/updates/main/source/apache_1.3.9-14.1.dsc
http://security.debian.org/dists/stable/updates/main/source/apache_1.3.9.orig.tar.gz
Architecture independent archives:
http://security.debian.org/dists/stable/updates/main/binary-all/apache-doc_1.3.9-14.1_all.deb
Alpha architecture:
http://security.debian.org/dists/stable/updates/main/binary-alpha/apache-common_1.3.9-14.1_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/apache-dev_1.3.9-14.1_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/apache_1.3.9-14.1_alpha.deb
ARM architecture:
http://security.debian.org/dists/stable/updates/main/binary-arm/apache-common_1.3.9-14.1_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/apache-dev_1.3.9-14.1_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/apache_1.3.9-14.1_arm.deb
Intel IA-32 architecture:
http://security.debian.org/dists/stable/updates/main/binary-i386/apache-common_1.3.9-14.1_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/apache-dev_1.3.9-14.1_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/apache_1.3.9-14.1_i386.deb
Motorola 680x0 architecture:
http://security.debian.org/dists/stable/updates/main/binary-m68k/apache-common_1.3.9-14.1_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/apache-dev_1.3.9-14.1_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/apache_1.3.9-14.1_m68k.deb
PowerPC architecture:
http://security.debian.org/dists/stable/updates/main/binary-powerpc/apache-common_1.3.9-14.1_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/apache-dev_1.3.9-14.1_powerpc.deb
http://security.debian.org/dists/stable/up
Patch installation:
1. Install the patch package manually:
First, download the patch with the following command:
# wget url (url is the patch download link)
Then install the patch with the following command:
# dpkg -i file.deb (file is the name of the corresponding patch)
2. Install the patch package automatically with apt-get:
First, update the internal database with the following command:
# apt-get update
Then install the updated packages with the following command:
# apt-get upgrade
FreeBSD
-------
FreeBSD has released a security notice (FreeBSD-SN-02:04) and corresponding patches for this issue:
FreeBSD-SN-02:04: security issues in ports
Link: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:04.asc
To upgrade a fixed port package, use either of the following two methods:
1) Update your "Ports Collection", then rebuild and reinstall the port. The following tools can make the upgrade easier:
/usr/ports/devel/portcheckout
/usr/ports/misc/porteasy
/usr/ports/sysutils/portupgrade
2) Remove the old port package, then fetch and install a new package from the following address:
[i386]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/All/
OpenBSD
-------
The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's site:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/005_httpd.patch
For more information see the following link:
http://www.openbsd.org/errata.HTML#httpd
RedHat
------
RedHat has released a security advisory (RHSA-2002:103-13) and corresponding patches for this issue:
RHSA-2002:103-13: Updated Apache packages fix chunked encoding issue
Link: https://www.redhat.com/support/errata/RHSA-2002-103.HTML
Patch downloads:
Red Hat Linux 6.2:
SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/apache-1.3.22-5.6.src.rpm
alpha:
ftp://updates.redhat.com/6.2/en/os/alpha/apache-1.3.22-5.6.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/apache-devel-1.3.22-5.6.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/apache-manual-1.3.22-5.6.alpha.rpm
i386:
ftp://updates.redhat.com/6.2/en/os/i386/apache-1.3.22-5.6.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/apache-devel-1.3.22-5.6.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/apache-manual-1.3.22-5.6.i386.rpm
sparc:
ftp://updates.redhat.com/6.2/en/os/sparc/apache-1.3.22-5.6.sparc.rpm
References
Source: ENGARDE
Link: http://www.linuxsecurity.com/advisories/other_advisory-2137.HTML
Source: MLIST
Link: https://lists.apache.org/thread.HTML/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.
Source: BID
Link: https://www.securityfocus.com/bid/5033
Source: OSVDB
Link: http://www.osvdb.org/838
Source: MLIST
Link: https://lists.apache.org/thread.HTML/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.
Source: MANDRAKE
Link: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:039
Source: MLIST
Link: https://lists.apache.org/thread.HTML/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.
Source: XF
Link: http://www.iss.net/security_center/static/9249.php
Source: BUGTRAQ
Link: http://online.securityfocus.com/archive/1/278149
Source: httpd.apache.org
Link: httpd.apache.org/info/security_bulletin_20020617.txt
Source: REDHAT
Link: http://rhn.redhat.com/errata/RHSA-2002-118.HTML
Source: DEBIAN
Link: https://www.debian.org/security/2002/dsa-133
Source: SUSE
Link: http://www.novell.com/linux/security/advisories/2002_22_apache.HTML
Source: DEBIAN
Link: https://www.debian.org/security/2002/dsa-131
Source: DEBIAN
Link: https://www.debian.org/security/2002/dsa-132
Source: MLIST
Link: https://lists.apache.org/thread.HTML/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.
Source: HP
Link: http://online.securityfocus.com/advisories/4240
Source: FRSIRT
Link: http://www.frsirt.com/english/advisories/2006/3598
Source: REDHAT
Link: http://www.redhat.com/support/errata/RHSA-2002-150.HTML
Source: MLIST
Link: https://lists.apache.org/thread.HTML/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.
Source: REDHAT
Link: http://www.redhat.com/support/errata/RHSA-2002-126.HTML
Source: MLIST
Link: https://lists.apache.org/thread.HTML/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.
Source: BUGTRAQ
Link: http://archives.neohapsis.com/archives/bugtraq/2002-06/0266.HTML
Source: MLIST
Link: https://lists.apache.org/thread.HTML/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.
Source: BUGTRAQ
Link: http://archives.neohapsis.com/archives/bugtraq/2002-06/0235.HTML
Source: MLIST
Link: https://lists.apache.org/thread.HTML/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.
Source: SECUNIA
Link: http://secunia.com/advisories/21917
Source: HP
Link: http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000083816475
Source: MLIST
Link: https://lists.apache.org/thread.HTML/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.
Source: CONECTIVA
Link: http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000498
Source: MLIST
Link: https://lists.apache.org/thread.HTML/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.
Source: REDHAT
Link: http://www.redhat.com/support/errata/RHSA-2003-106.HTML
Source: HP
Link: http://online.securityfocus.com/advisories/4257
Source: REDHAT
Link: http://rhn.redhat.com/errata/RHSA-2002-117.HTML
Source: REDHAT
Link: http://rhn.redhat.com/errata/RHSA-2002-103.HTML
Source: MLIST
Link: https://lists.apache.org/thread.HTML/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.
Source: MLIST
Link: https://lists.apache.org/thread.HTML/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.
Source: CERT
Link: http://www.cert.org/advisories/CA-2002-17.HTML
Source: BID
Link: https://www.securityfocus.com/bid/20005
Source: CERT-VN
Link: http://www.kb.cert.org/vuls/id/944335
Affected Entities
- Apache Http_server:2.0.36
- Apache Http_server:2.0.35
- Apache Http_server:2.0.32
- Apache Http_server:2.0.28
- Apache Http_server:2.0
Patches
None available
Comments