Note: This is an archival copy of Security Sun Alert 200241 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000188.1.
Article ID : 1000188.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2005-08-09
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Updated Solaris 8 Patches for Apache Security Vulnerabilities



Category
Security

Release Phase
Resolved

Product
Solaris 8 Operating System

Bug Id
6267177

Date of Resolved Release
10-AUG-2005

Impact

Sun Alerts 57628 and 57496 describe several security vulnerabilities in the Apache web server and modules. The Solaris 8 patches listed in these Sun Alerts did not include some of the Apache module files. Thus several of the vulnerabilities affecting the Apache modules were not completely addressed. The impact of this is that a local or remote unprivileged user may be able to execute arbitrary code on systems running Apache with the privileges of the Apache HTTP process. The Apache HTTP process normally runs as the unprivileged uid "nobody" (uid 60001). The ability to execute arbitrary code as the unprivileged uid "nobody" may lead to modified web content, denial of service, or further compromise.

The Apache module vulnerabilities affected are as follows:

CAN-2003-0987: "mod_digest issue" at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0987

CAN-2003-0993: "mod_access on 64-bit platforms" at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0993

CAN-2004-0492: "buffer overflow in mod_proxy" at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0492

CAN-2003-0542: "buffer overflows in mod_alias and mod_rewrite" at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542

Solaris 8 sites running Apache should install the patches below to obtain the complete resolution for the Apache module security issues described in Sun Alerts 57628 and 57496. The Solaris 9 patches listed in Sun Alerts 57628 and 57496 are the complete resolution for these issues.


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 8 without patch 116973-02

x86 Platform

  • Solaris 8 without patch 116974-02

Notes:

  1. Solaris 9 is not affected by the issue of some Apache module files not being included in the patches.
  2. Solaris 10 is not affected by these Apache security vulnerabilities.
  3. A system is only vulnerable to this issue if Apache Web Server has been configured and is running on the system.

To determine if the Apache (1M) httpd daemon is running on the system, the following command can be run:

    $ /usr/bin/ps -ef | grep httpd
    nobody 103892 102307 0 Jul 20 ? 0:27 /usr/apache/bin/httpd
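The exposure condition in this alert combines two checks: httpd is running, and the platform's patch (116973 on SPARC, 116974 on x86) is missing or older than revision 02. The script below is an added example, not Sun's code; it parses constructed `showrev -p` and `ps -ef` output (the `patch_rev` and `assess` helper names are mine) so it can run offline, and the commented line shows the live invocation on a Solaris 8 host.

```shell
#!/bin/sh
# Added example (not Sun's code): assess a Solaris 8 host against this alert.
# A host is exposed only if httpd is running AND the platform's patch
# (116973 on SPARC, 116974 on x86) is absent or below revision 02.

# required_patch ARCH -> base patch id for the platform reported by `uname -p`
required_patch() {
    case "$1" in
        sparc) echo 116973 ;;
        i386)  echo 116974 ;;
        *)     echo "" ;;
    esac
}

# patch_rev LISTING BASE -> highest installed revision of BASE in a
# `showrev -p` listing (lines like "Patch: 116973-01 Obsoletes: ..."), or "none"
patch_rev() {
    printf '%s\n' "$1" | awk -v base="$2" 'BEGIN { max = -1 }
        $1 == "Patch:" { split($2, p, "-")
                         if (p[1] == base && p[2] + 0 > max) max = p[2] + 0 }
        END { if (max < 0) print "none"; else printf "%02d\n", max }'
}

# httpd_running PS_OUTPUT -> true if the Apache httpd from the alert is listed
httpd_running() {
    printf '%s\n' "$1" | grep -q '/usr/apache/bin/httpd'
}

# assess ARCH SHOWREV_OUTPUT PS_OUTPUT -> prints NOT_RUNNING, PATCHED or EXPOSED
assess() {
    base=$(required_patch "$1")
    if [ -z "$base" ]; then echo UNKNOWN_ARCH; return; fi
    if ! httpd_running "$3"; then echo NOT_RUNNING; return; fi
    rev=$(patch_rev "$2" "$base")
    if [ "$rev" != none ] && [ "$rev" -ge 2 ]; then echo PATCHED; else echo EXPOSED; fi
}

# Constructed sample output (not captured from a real host): a SPARC box
# running httpd as "nobody" with only revision 01 of the patch installed.
SAMPLE_SHOWREV='Patch: 108528-29 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 116973-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWapchr, SUNWapchu'
SAMPLE_PS='    root 102307      1  0   Jul 20 ?  0:01 /usr/apache/bin/httpd
  nobody 103892 102307  0   Jul 20 ?  0:27 /usr/apache/bin/httpd'

assess sparc "$SAMPLE_SHOWREV" "$SAMPLE_PS"      # prints EXPOSED
# On a live Solaris 8 host:  assess "$(uname -p)" "$(showrev -p)" "$(/usr/bin/ps -ef)"
```

A later revision of the same patch (for example -03) still counts as patched, matching the "or later" wording in the Resolution section.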



Symptoms

There are no reliable symptoms that would indicate any of the described issues have been exploited to execute arbitrary code on a host as uid 'nobody'. For additional details, see Sun Alert 57628.


Workaround

There is no workaround to this issue.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 8 with patch 116973-02 or later

x86 Platform

  • Solaris 8 with patch 116974-02 or later


References

116973-02
116974-02
