
Bug 389353 (CVE-2011-3607)

Summary: <www-servers/apache-2.2.22 ap_pregsub() Privilege Escalation Vulnerability (CVE-2011-3607)
Product: Gentoo Security
Reporter: Agostino Sarubbo <ago>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: major
CC: apache-bugs, pva
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://secunia.com/advisories/45793/
Whiteboard: B1 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 401761    
Bug Blocks:    

Description Agostino Sarubbo gentoo-dev 2011-11-02 18:05:36 UTC
From the Secunia security advisory at $URL:

Description:
The vulnerability is caused due to an integer overflow within the "ap_pregsub()" function (server/utils.c) and can be exploited to cause a heap-based buffer overflow via a specially crafted ".htaccess" file.

The vulnerability is confirmed in versions 2.2.21.

Solution:
Not fixed atm.
Comment 1 Agostino Sarubbo gentoo-dev 2011-11-09 12:17:27 UTC
https://svn.apache.org/viewvc?view=revision&revision=1198940
here is the fix.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2011-11-16 23:36:42 UTC
CVE-2011-3607 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3607):
  Integer overflow in the ap_pregsub function in server/util.c in the Apache
  HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the
  mod_setenvif module is enabled, allows local users to gain privileges via a
  .htaccess file with a crafted SetEnvIf directive, in conjunction with a
  crafted HTTP request header, leading to a heap-based buffer overflow.
Comment 3 Sean Amoss (RETIRED) gentoo-dev Security 2012-04-17 23:59:34 UTC
Added to existing GLSA request.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2012-06-24 14:29:16 UTC
This issue was resolved and addressed in
 GLSA 201206-25 at http://security.gentoo.org/glsa/glsa-201206-25.xml
by GLSA coordinator Tobias Heinlein (keytoaster).