[LWN Logo]
[Timeline]
Date: Tue, 10 Oct 2000 15:57:19 -0600
From: Caldera Support Info <sup-info@locutus4.calderasystems.com>
To: announce@lists.calderasystems.com, bugtraq@securityfocus.com,
Subject: Security Update: file view vulnerability in mod_rewrite


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________
		   Caldera Systems, Inc.  Security Advisory

Subject:		file view vulnerability in mod_rewrite
Advisory number: 	CSSA-2000-035.0
Issue date: 		2000 October, 10
Cross reference:
______________________________________________________________________________


1. Problem Description

   The Apache HTTP server comes with a module named mod_rewrite
   which can be used to rewrite URLs presented by the client
   before further processing.

   The processing logic in mod_rewrite contains a flaw that allows
   attackers to view arbitrary files on the server system.

   In the default configuration shipped with OpenLinux, mod_rewrite
   is disabled.

2. Vulnerable Versions

   System                       Package
   -----------------------------------------------------------
   OpenLinux Desktop 2.3        All packages previous to
   				apache-1.3.4-5

   OpenLinux eServer 2.3        All packages previous to
   and OpenLinux eBuilder       apache-1.3.9-5S

   OpenLinux eDesktop 2.4	All packages previous to
                                apache-1.3.11-2D

3. Solution

   Workaround:

   If you haven't enabled mod_rewrite, no action is required on
   your part. If you do use mod_rewrite, update to the fixed packages.

4. OpenLinux Desktop 2.3

   4.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS

   4.2 Verification

       c01531115e05d0371db7b1ac83c85b3b  RPMS/apache-1.3.4-5.i386.rpm
       8403e4002988a610c8a0ee11e4b088b1  RPMS/apache-docs-1.3.4-5.i386.rpm
       28a4dc488a42088c1761cbb210a26c9c  SRPMS/apache-1.3.4-5.src.rpm

   4.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

	  rpm -Fhv apache-*1.3.4-5.i386.rpm

5. OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0

   5.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS

   5.2 Verification

       45bd05d80b8c5ca5ef87da39de9c19dd  RPMS/apache-1.3.9-5S.i386.rpm
       0a2043799cdf207f5b797f027a1228a3  RPMS/apache-devel-1.3.9-5S.i386.rpm
       7aa9d9789fb94600439752a72bb525fb  RPMS/apache-docs-1.3.9-5S.i386.rpm
       6305241c58b0185babe1582438aa62e9  SRPMS/apache-1.3.9-5S.src.rpm

   5.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

	  rpm -Fhv apache-*1.3.9-5S.i386.rpm

6. OpenLinux eDesktop 2.4

   6.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS

   6.2 Verification

       c303c215facbe330fd454e502a50e798  RPMS/apache-1.3.11-2D.i386.rpm
       a173b7d14a0d0c1badf9e23c6ec3769e  RPMS/apache-devel-1.3.11-2D.i386.rpm
       3c92d84da29b69e8f4b665a17ce2328f  RPMS/apache-docs-1.3.11-2D.i386.rpm
       e9c43b643cb040b97130dcfd3ee17b10  SRPMS/apache-1.3.11-2D.src.rpm         

   6.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

	  rpm -Fhv apache-*1.3.11-2D.i386.rpm

7. References

   This and other Caldera security resources are located at:

   http://www.calderasystems.com/support/security/index.html

   This security fix closes Caldera's internal Problem Report 7940.

8. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of the
   information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.

______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE54wIa18sy83A/qfwRAiBuAJ4m7PwHmpb75kGjgfRgW0b23zTQBACfdz0a
TSR0QmfBRaIy7I3ZdjH2Blk=
=ijRI
-----END PGP SIGNATURE-----