| Summary: | <www-servers/apache-2.2.25: mod_rewrite allows terminal escape sequences to be written to the log file (CVE-2013-1862) | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> | ||||
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||
| Status: | RESOLVED FIXED | ||||||
| Severity: | normal | CC: | alexanderyt, andreis.vinogradovs, mail, mike, patrick | ||||
| Priority: | Normal | ||||||
| Version: | unspecified | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=953729 | ||||||
| Whiteboard: | A3 [glsa] | ||||||
| Package list: | Runtime testing required: | --- | |||||
| Bug Depends on: | 476568 | ||||||
| Bug Blocks: | |||||||
| Attachments: |
|
||||||
Vulnerability Summary for CVE-2013-1862: Exploitability Subscore: 4.9 Authentication: Not required to exploit Impact Type:Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service Vulnerable software and versions (version from portage listed) cpe:/a:apache:http_server:2.2.4 cpe:/a:apache:http_server:2.2.24 Created attachment 352658 [details, diff]
A modified ebuild of version 2.2.24 which applies files/mod_rewrite-CVE-2013-1862.patch
@maintainers: This is fixed in 2.2.25, just released. Added to existing GLSA draft CVE-2013-1862 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1862): mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. This issue was resolved and addressed in GLSA 201309-12 at http://security.gentoo.org/glsa/glsa-201309-12.xml by GLSA coordinator Sean Amoss (ackle). |
From ${URL} : It was found that mod_rewrite writes data to a log file without sanitizing non-printable characters. A remote attacker could use this flaw to write terminal escape sequences to log files (if the RewriteLog directive was used by mod_rewrite). This could possibly cause arbitrary command execution, via HTTP requests containing an escape sequence for a terminal emulator. (if for example the log files were viewed in a terminal emulator) Reference: http://svn.apache.org/viewvc?view=revision&revision=r1469311 Proposed patch: http://people.apache.org/~jorton/mod_rewrite-CVE-2013-1862.patch