USN-575-1: Apache vulnerabilities

Ubuntu Security Notice USN-575-1

4th February, 2008

apache2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 7.10
  • Ubuntu 7.04
  • Ubuntu 6.10
  • Ubuntu 6.06 LTS

Software description

  • apache2

Details

It was discovered that Apache did not sanitize the Expect header from
an HTTP request when it is reflected back in an error message, which
could result in browsers becoming vulnerable to cross-site scripting
attacks when processing the output. With cross-site scripting
vulnerabilities, if a user were tricked into viewing server output
during a crafted server request, a remote attacker could exploit this
to modify the contents, or steal confidential data (such as passwords),
within the same domain. This was only vulnerable in Ubuntu 6.06.
(CVE-2006-3918)

It was discovered that when configured as a proxy server and using a
threaded MPM, Apache did not properly sanitize its input. A remote
attacker could send Apache crafted date headers and cause a denial of
service via application crash. By default, mod_proxy is disabled in
Ubuntu. (CVE-2007-3847)

It was discovered that mod_autoindex did not force a character set,
which could result in browsers becoming vulnerable to cross-site
scripting attacks when processing the output. (CVE-2007-4465)

It was discovered that mod_imap/mod_imagemap did not force a
character set, which could result in browsers becoming vulnerable
to cross-site scripting attacks when processing the output. By
default, mod_imap/mod_imagemap is disabled in Ubuntu. (CVE-2007-5000)

It was discovered that mod_status when status pages were available,
allowed for cross-site scripting attacks. By default, mod_status is
disabled in Ubuntu. (CVE-2007-6388)

It was discovered that mod_proxy_balancer did not sanitize its input,
which could result in browsers becoming vulnerable to cross-site
scripting attacks when processing the output. By default,
mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable
in Ubuntu 7.04 and 7.10. (CVE-2007-6421)

It was discovered that mod_proxy_balancer could be made to
dereference a NULL pointer. A remote attacker could send a crafted
request and cause a denial of service via application crash. By
default, mod_proxy_balancer is disabled in Ubuntu. This was only
vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6422)

It was discovered that mod_proxy_ftp did not force a character set,
which could result in browsers becoming vulnerable to cross-site
scripting attacks when processing the output. By default,
mod_proxy_ftp is disabled in Ubuntu. (CVE-2008-0005)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 7.10:
apache2-mpm-worker 2.2.4-3ubuntu0.1
apache2-mpm-event 2.2.4-3ubuntu0.1
apache2-mpm-prefork 2.2.4-3ubuntu0.1
apache2-mpm-perchild 2.2.4-3ubuntu0.1
Ubuntu 7.04:
apache2-mpm-worker 2.2.3-3.2ubuntu2.1
apache2-mpm-event 2.2.3-3.2ubuntu2.1
apache2-mpm-prefork 2.2.3-3.2ubuntu2.1
apache2-mpm-perchild 2.2.3-3.2ubuntu2.1
Ubuntu 6.10:
apache2-mpm-worker 2.0.55-4ubuntu4.2
apache2-mpm-perchild 2.0.55-4ubuntu4.2
apache2-mpm-prefork 2.0.55-4ubuntu4.2
Ubuntu 6.06 LTS:
apache2-mpm-worker 2.0.55-4ubuntu2.3
apache2-mpm-perchild 2.0.55-4ubuntu2.3
apache2-mpm-prefork 2.0.55-4ubuntu2.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system upgrade is sufficient to effect the
necessary changes.

References

CVE-2006-3918, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005