[linux-security] apache remote exploit

[Martin Siegert <siegert@sfu.ca>]

Topic
=====
remote exploit in apache webserver

Problem Description
===================
Versions of the Apache web server up to and including 1.3.24 and 2.0
up to and including 2.0.36 contain a bug in the routines which deal
with invalid requests which are encoded using chunked encoding.  This
bug can be triggered remotely by sending a carefully crafted invalid
request.

On 32 bit Unix systems this bug allows a denial of service (DoS) attack:
the web server stops running. Investigations by the Apache Software Foundation
show that in some cases 64-bit platforms may have a greater exposure and
could be remotely exploited to allow arbitrary code to be run on the server.
This includes defacing of web pages served by the apache web server.

Upgrading to newer or patched versions of the Apache webserver is strongly
recommended.

Affected Systems
================
Web servers based on Apache code versions 1.3 through 1.3.24
Web servers based on Apache code versions 2.0 through 2.0.36

Solution
========
upgrade to versions 1.3.26 or 2.0.39 or a patched version for your
distribution.

RedHat 6.x
----------
rpm -Fvh apache-1.3.22-5.6.i386.rpm \
         apache-devel-1.3.22-5.6.i386.rpm \
         apache-manual-1.3.22-5.6.i386.rpm

RedHat 7.0, 7.1
---------------
rpm -Fvh apache-1.3.22-5.7.1.i386.rpm \
         apache-devel-1.3.22-5.7.1.i386.rpm \
         apache-manual-1.3.22-5.7.1.i386.rpm

RedHat 7.2
----------
rpm -Fvh apache-1.3.22-6.i386.rpm \
         apache-devel-1.3.22-6.i386.rpm \
         apache-manual-1.3.22-6.i386.rpm

RedHat 7.3
----------
rpm -Fvh apache-1.3.23-14.i386.rpm \
         apache-devel-1.3.23-14.i386.rpm \
         apache-manual-1.3.23-14.i386.rpm

Debian 2.2 (potato)
-------------------
upgrade to apache_1.3.9-14.1_i386.deb, apache-common_1.3.9-14.1_i386.deb,
apache-dev_1.3.9-14.1_i386.deb. 
Then check your configuration: "apachectl configtest".
Finally restart the webserver: "/etc/init.d/apache restart".