Note: This is an archival copy of Security Sun Alert 201328 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001002.1.
Date of Workaround Release
Date of Resolved Release
Apache allows per-directory configuration files. A local user may exploit a vulnerability in Apache through specially crafted ".htaccess" files. Malicious code may be executed through these ".htaccess" files. This may result in possible denial of service and compromise of the web site integrity.
This issue is described at:
This issue can occur in the following releases:
Unexpected web server behavior may indicate that the site has been compromised, for example: fake entries being added to any Apache log file (not only the logs of the virtual host in which the .htaccess file resides), arbitrary commands being run as the web server user regardless of the "ExecCGI" and "suexec" settings, and spoofed replies (client web browsers being sent content other than what is on the web site).
The workaround is to disallow per-directory configuration files by only having "AllowOverride None" directives in your "httpd.conf" file. On most Sun Cobalt platforms this file can be found in the "/etc/httpd/conf" or "/etc/apache/conf" directory.
To activate the changes in the "httpd.conf" file, as root, you must restart the Apache web server by using the command:
# /etc/rc.d/init.d/httpd restart
Note: If ".htaccess" files are used to control access to restricted areas of web sites, these areas will become UNPROTECTED by this action.
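The following script is an added example and is not part of the Sun Alert. It audits an "httpd.conf" for AllowOverride directives that still permit per-directory configuration (anything other than "None"), and lists the ".htaccess" files under a document root so the administrator can see which access restrictions will stop being honoured once the workaround is applied. The configuration, directory tree and file paths used for the self-test are constructed sample data, not Sun Cobalt defaults.

```shell
#!/bin/sh
# Added example (not from the Sun Alert): audit AllowOverride settings and
# list .htaccess files that the "AllowOverride None" workaround would disable.

# Print every AllowOverride directive whose value is not exactly "None".
# Comment lines are ignored and matching is case-insensitive, like Apache's.
audit_allowoverride() {
    conf="$1"
    grep -iE '^[[:space:]]*AllowOverride[[:space:]]' "$conf" \
        | grep -ivE '^[[:space:]]*AllowOverride[[:space:]]+None[[:space:]]*$' \
        | sed 's/^[[:space:]]*//'
}

# Number of offending directives; 0 means the workaround is fully applied.
count_overrides() {
    n=$(audit_allowoverride "$1" | wc -l | tr -d ' ')
    echo "$n"
}

# .htaccess files under a DocumentRoot. With "AllowOverride None" Apache
# ignores them, so any access restrictions they contain no longer apply.
list_htaccess() {
    find "$1" -name .htaccess -type f 2>/dev/null
}

# --- constructed sample configuration and document tree for a self-test ---
tmp=$(mktemp -d)
cat > "$tmp/httpd.conf" <<'EOF'
# constructed sample httpd.conf (hypothetical paths)
<Directory />
    AllowOverride None
</Directory>
<Directory "/home/sites/site1/web">
    AllowOverride All
</Directory>
#    AllowOverride FileInfo   (commented out, must not be reported)
<Directory "/home/sites/site2/web">
    allowoverride AuthConfig Limit
</Directory>
EOF
mkdir -p "$tmp/web/private"
printf 'Require valid-user\n' > "$tmp/web/private/.htaccess"

if [ "$(count_overrides "$tmp/httpd.conf")" -ne 0 ]; then
    echo "Per-directory overrides still enabled in $tmp/httpd.conf:"
    audit_allowoverride "$tmp/httpd.conf"
    echo ".htaccess files that will no longer be honoured after the workaround:"
    list_htaccess "$tmp/web"
fi
```

Run it against the real "httpd.conf" and document root by calling count_overrides and list_htaccess with those paths instead of the sample ones; a non-zero count means some Directory block still honours ".htaccess" files, and every path printed by list_htaccess is an area whose restrictions must be moved into "httpd.conf" before the workaround is applied.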
This issue is addressed in the following releases:
Sun Cobalt RaQ 4 Server
Sun Cobalt RaQ 550 Server