[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-security] mod_python vulnerability allows DoS attack

To: linux-security@sfu.ca
Subject: [linux-security] mod_python vulnerability allows DoS attack
From: Martin Siegert <siegert@sfu.ca>
Date: Sat, 13 Mar 2004 18:05:48 -0800
User-Agent: Mutt/1.4.1i

Topic
=====
flaw in mod_python allows Denial-of-Service (DoS) attack against
apache web server

Problem Description
===================
mod_python embeds the Python language interpreter within the Apache httpd
server.

A specific query string processed by mod_python can cause the corresponding
httpd process to crash.

Affected Versions
=================
mod_python versions 2.7.x with x < 9 and versions 3.0.y with y < 4.

Solution
========
Upgrade to mod_python 2.7.9 or later for apache-1.3 and to mod_python
3.0.4 or later for apache-2
[or upgrade to patched version for your distribution]

Debian 3.0 (woody)
------------------
upgrade to libapache-mod-python_2.7.8-0.0woody2_i386.deb

SFU 1.0 (RedHat 7.3)
--------------------
rpm -Fvh mod_python-2.7.10-1.i386.rpm

RedHat 9
--------
rpm -Fvh mod_python-3.0.1-4.i386.rpm

Prev by Date: [linux-security] local root exploit in Linux kernel
Next by Date: [linux-security] DoS attacks in openssl
Prev by thread: [linux-security] DoS attacks in openssl
Next by thread: [linux-security] backported security fixes for RH 7.3 available via ftp
Index(es):
- Date
- Thread