Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 141986

Summary: net-www/apache: Arbitrary code execution (CVE-2006-3747)
Product: Gentoo Security Reporter: Matthias Geerdsen (RETIRED) <vorlon>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: apache-bugs, bernd, chainsaw, jaervosz, spida
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747
Whiteboard: C1 [glsa] jaervosz
Package list:
Runtime testing required: ---

Description Matthias Geerdsen (RETIRED) gentoo-dev 2006-07-28 03:44:22 UTC
http://httpd.apache.org/security/vulnerabilities_20.html
Fixed in Apache httpd 2.0.59
important: mod_rewrite off-by-one error CVE-2006-3747

An off-by-one flaw exists in the Rewrite module, mod_rewrite. Depending on the manner in which Apache httpd was compiled, this software defect may result in a vulnerability which, in combination with certain types of Rewrite rules in the web server configuration files, could be triggered remotely. For vulnerable builds, the nature of the vulnerability can be denial of service (crashing of web server processes) or potentially allow arbitrary code execution.
Update Released: 27th July 2006
Affects: 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46

---
http://httpd.apache.org/security/vulnerabilities_13.html

Fixed in Apache httpd 1.3.37
important: mod_rewrite off-by-one error CVE-2006-3747

An off-by-one flaw exists in the Rewrite module, mod_rewrite. Depending on the manner in which Apache httpd was compiled, this software defect may result in a vulnerability which, in combination with certain types of Rewrite rules in the web server configuration files, could be triggered remotely. For vulnerable builds, the nature of the vulnerability can be denial of service (crashing of web server processes) or potentially allow arbitrary code execution.
Update Released: 27th July 2006
Affects: 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28

---
http://httpd.apache.org/security/vulnerabilities_22.html

Fixed in Apache httpd 2.2.3
important: mod_rewrite off-by-one error CVE-2006-3747

An off-by-one flaw exists in the Rewrite module, mod_rewrite. Depending on the manner in which Apache httpd was compiled, this software defect may result in a vulnerability which, in combination with certain types of Rewrite rules in the web server configuration files, could be triggered remotely. For vulnerable builds, the nature of the vulnerability can be denial of service (crashing of web server processes) or potentially allow arbitrary code execution.
Update Released: 27th July 2006
Affects: 2.2.2, 2.2.0
Comment 1 Michael Stewart (vericgar) (RETIRED) gentoo-dev 2006-07-28 05:39:04 UTC
Patched versions of 2.0.58, 1.3.34, and 2.2.2 that address this issue are now in CVS. Full version bumps that include the other features of the new versions will come this weekend.

Please have the remaining archs mark stable the following:
net-www/apache-2.0.58-r2
new-www/apache-1.3.34-r14

(2.2.x line is still p.masked so we do not want stable marking there yet)
Comment 2 Matthias Geerdsen (RETIRED) gentoo-dev 2006-07-28 05:47:07 UTC
arches please test and mark stable if possible
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-07-28 06:35:11 UTC
*** Bug 141763 has been marked as a duplicate of this bug. ***
Comment 4 Matthias Geerdsen (RETIRED) gentoo-dev 2006-07-29 14:47:34 UTC
marked stable on alpha by kloeri
-> removing alpha from CC:
-> changing status to [glsa]

29 Jul 2006; Bryan 
Comment 5 Matthias Geerdsen (RETIRED) gentoo-dev 2006-07-29 14:47:34 UTC
marked stable on alpha by kloeri
-> removing alpha from CC:
-> changing status to [glsa]

29 Jul 2006; Bryan Ã<98>stergaard <kloeri@gentoo.org>
  apache-1.3.34-r14.ebuild, apache-2.0.58-r2.ebuild:
  Stable on alpha.

Comment 6 Matthias Geerdsen (RETIRED) gentoo-dev 2006-08-01 05:48:52 UTC
GLSA 200608-01

thanks everyone