Bug 390187 (CVE-2011-4415)

Summary:	www-servers/apache "ap_pregsub()" DoS Vulnerability (CVE-2011-4415)
Product:	Gentoo Security	Reporter:	Agostino Sarubbo <ago>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	apache-bugs, pva
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://secunia.com/advisories/46823/
Whiteboard:	B3 [noglsa]
Package list:		Runtime testing required:	---

Description Agostino Sarubbo gentoo-dev

2011-11-11 15:12:53 UTC

From secunia security advisory at $URL:

Description:
The vulnerability is caused due to the "apr_pregsub()" function (server/utils.c) not properly limiting the maximum size of environment variable values, which can be exploited to e.g. cause a huge memory consumption via a specially crafted ".htaccess" file.

The vulnerability is reported in versions 2.0.64 and 2.2.21. Other versions may also be affected.


Solution:
Not patched atm.


NOTE: this bug is different from bug 389353 (CVE-2011-3607)

Comment 1 GLSAMaker/CVETool Bot gentoo-dev

2011-11-16 23:25:03 UTC

CVE-2011-4415 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4415):
  The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x
  through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is
  enabled, does not restrict the size of values of environment variables,
  which allows local users to cause a denial of service (memory consumption or
  NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf
  directive, in conjunction with a crafted HTTP request header, related to (1)
  the "len +=" statement and (2) the apr_pcalloc function call, a different
  vulnerability than CVE-2011-3607.

Comment 2 Tobias Heinlein (RETIRED) gentoo-dev

2012-06-21 20:37:12 UTC

Additional info:

https://bugzilla.novell.com/show_bug.cgi?id=729183

I'd vote NO here and simply close it.

Comment 3 Stefan Behte (RETIRED) gentoo-dev

2012-06-21 21:19:20 UTC

Vote: NO. Closing noglsa.