Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 389353 (CVE-2011-3607) - <www-servers/apache-2.2.22 ap_pregsub() Privilege Escalation Vulnerability (CVE-2011-3607)
Summary: <www-servers/apache-2.2.22 ap_pregsub() Privilege Escalation Vulnerability (C...
Status: RESOLVED FIXED
Alias: CVE-2011-3607
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://secunia.com/advisories/45793/
Whiteboard: B1 [glsa]
Keywords:
Depends on: 401761
Blocks:
  Show dependency tree
 
Reported: 2011-11-02 18:05 UTC by Agostino Sarubbo
Modified: 2012-06-24 14:29 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2011-11-02 18:05:36 UTC
From secunia security advisory at $URL:

Description:
The vulnerability is caused due to an integer overflow within the "ap_pregsub()" function (server/utils.c) and can be exploited to cause a heap-based buffer overflow via a specially crafted ".htaccess" file.

The vulnerability is confirmed in versions 2.2.21.

Solution:
Not fixed atm.
Comment 1 Agostino Sarubbo gentoo-dev 2011-11-09 12:17:27 UTC
https://svn.apache.org/viewvc?view=revision&revision=1198940
here is the fix.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2011-11-16 23:36:42 UTC
CVE-2011-3607 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3607):
  Integer overflow in the ap_pregsub function in server/util.c in the Apache
  HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the
  mod_setenvif module is enabled, allows local users to gain privileges via a
  .htaccess file with a crafted SetEnvIf directive, in conjunction with a
  crafted HTTP request header, leading to a heap-based buffer overflow.
Comment 3 Sean Amoss gentoo-dev Security 2012-04-17 23:59:34 UTC
Added to existing GLSA request.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2012-06-24 14:29:16 UTC
This issue was resolved and addressed in
 GLSA 201206-25 at http://security.gentoo.org/glsa/glsa-201206-25.xml
by GLSA coordinator Tobias Heinlein (keytoaster).