
AWMS 7.0: Important kernel security and bug fix update

Aruba Employee

Important: kernel security and bug fix update pertaining to the following:

 

 

CVE-2009-0023
CVE-2010-0425
CVE-2010-0434
CVE-2009-1955
CVE-2009-1956
CVE-2008-2364
CVE-2009-2412
CVE-2009-2699


CVE-2009-0023
The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
https://rhn.redhat.com/errata/RHSA-2009-1107.html
aw-apr-1.2.7-11
aw-apr-util-1.2.7-7

CVE-2010-0425
modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
Windows issue -> doesn't apply to AMP

CVE-2010-0434
The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
https://rhn.redhat.com/errata/RHSA-2010-0168.html
aw-httpd-2.2.3-31.4

 

CVE-2009-1955
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
https://rhn.redhat.com/errata/RHSA-2009-1107.html
aw-apr-1.2.7-11
aw-apr-util-1.2.7-7

CVE-2009-1956
Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
https://rhn.redhat.com/errata/RHSA-2009-1107.html
aw-apr-1.2.7-11
aw-apr-util-1.2.7-7

CVE-2008-2364
The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
https://rhn.redhat.com/errata/RHSA-2008-0967.html
aw-httpd-2.2.3-31.4

CVE-2009-2412
Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.
https://rhn.redhat.com/errata/RHSA-2009-1204.html
aw-apr-1.2.7-11
aw-apr-util-1.2.7-7

CVE-2009-2699
The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
Solaris issue -> doesn't apply to AMP
-----
CVE-2009-2699 and CVE-2010-0425 do not apply to AMP. The others are all fixed as of AMP 7. These packages were checked against AMP 7.0.10 code. The packages listed below each RHEL errata link are the AMP packages that resolve that security issue.
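One way to check a host against the package builds listed above, as an added example that is not Aruba's own tooling. It assumes the `aw-*` names are RPM package names on the AMP host and that the input comes from `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`; the sample input is constructed and the version comparison is a simplified form of RPM's.

```python
import re

# Package builds listed above, with the CVEs each one resolves.
APR_CVES = ["CVE-2009-0023", "CVE-2009-1955", "CVE-2009-1956", "CVE-2009-2412"]
FIXED = {
    "aw-apr": ("1.2.7-11", APR_CVES),
    "aw-apr-util": ("1.2.7-7", APR_CVES),
    "aw-httpd": ("2.2.3-31.4", ["CVE-2010-0434", "CVE-2008-2364"]),
}

def _cmp_part(a, b):
    """Simplified rpmvercmp (no epoch or tilde handling): returns -1, 0 or 1."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # a numeric segment outranks letters
        if x.isdigit():
            x, y = int(x), int(y)             # 10 > 4, unlike a string compare
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def compare_evr(a, b):
    """Compare 'version-release' strings: version first, then release."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return _cmp_part(va, vb) or _cmp_part(ra, rb)

def audit(rpm_output):
    """Map each listed package to (installed build, status, CVEs still open)."""
    rows = (l.split() for l in rpm_output.splitlines())
    installed = dict(r for r in rows if len(r) == 2)
    report = {}
    for name, (fixed, cves) in FIXED.items():
        have = installed.get(name)
        if have is None:
            report[name] = (None, "not installed", [])
        elif compare_evr(have, fixed) >= 0:
            report[name] = (have, "fixed", [])
        else:
            report[name] = (have, "outdated", cves)
    return report

# Constructed sample, in the format of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = "aw-apr 1.2.7-11\naw-apr-util 1.2.7-6\naw-httpd 2.2.3-31.10\n"

if __name__ == "__main__":
    for pkg, (have, status, cves) in audit(SAMPLE).items():
        print(pkg, have, status, ", ".join(cves))
```

Release `31.10` is newer than `31.4`, which is why the comparison works on numeric segments instead of comparing the strings directly.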

Version history
Revision #: 1 of 1
Last update: 06-26-2014 02:34 PM
 