Note: This is an archival copy of Security Sun Alert 201328 as previously published on
The latest version of this security advisory is available as Sun Alert 1001002.1.
Article ID : 1001002.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-12-07
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Sun Cobalt "mod_ssl" ("apache-openssl-1.3.x") May Allow Local Account Compromise


Release Phase

Bug Id

Date of Workaround Release

Date of Resolved Release


Apache allows per-directory configuration files. A local user may exploit a vulnerability in Apache through specially crafted ".htaccess" files. Malicious code may be executed through these ".htaccess" files. This may result in possible denial of service and compromise of the web site integrity.

This issue is described at:

Contributing Factors

This issue can occur in the following releases:


  • Sun Cobalt RaQ3(3000R) and apache-openssl-1.3.6-C9export
  • Sun Cobalt ManageRaQ3(3000R-mr) and apache-openssl-1.3.6-C9export
  • Sun Cobalt RaQ4(3001R) and apache-openssl-1.3.12-1C9
  • Sun Cobalt RaQ XTR(3500R) and apache-openssl-1.3.12-1C12
  • Sun Cobalt Qube3(4000WG) and apache-openssl-1.3.12-1C11
  • Sun Cobalt RaQ 550 (4100R) and apache-1.3.20-Alpine-1C8stackguard and openssl-0.9.6-2C1


Unexpected web server behavior, such as fake entries appearing in any Apache log file (not only the log of the virtual host in which the ".htaccess" file resides), arbitrary commands running as the web server user regardless of the "ExecCGI" and "suexec" settings, or spoofed replies (client web browsers being sent content other than what is on the web site), may indicate that the site has been compromised.


The workaround is to disallow per-directory configuration files by only having "AllowOverride None" directives in your "httpd.conf" file. On most Sun Cobalt platforms this file can be found in the "/etc/httpd/conf" or "/etc/apache/conf" directory.

To activate the changes in the "httpd.conf" file, as root, you must restart the Apache web server by using the command:

 # /etc/rc.d/init.d/httpd restart

Note: If ".htaccess" files are used to control access to restricted areas of web sites, these areas will become UNPROTECTED by this action.
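The following shell script is an added example and is not part of the Sun Alert or of any Sun Cobalt package. It audits an "httpd.conf" for "AllowOverride" directives that still permit per-directory configuration files and counts the ".htaccess" files under a document root so that the areas which will lose their protection can be identified before the workaround is applied. The configuration text inside the script is constructed for the example; it assumes one directive per line and does not follow "Include" directives.

```shell
#!/bin/sh
# Added example (not from the Sun Alert): audit an httpd.conf for
# AllowOverride directives other than "None" and count .htaccess files
# that would stop being honoured once the workaround is applied.
# Assumption: one directive per line; Include'd files are not followed.

# Constructed sample configuration: one hardened and two weak blocks.
SAMPLE_CONF=$(cat <<'EOF'
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>

<Directory "/home/sites/home/web">
    Options Indexes FollowSymLinks
    # Weak: a local user can place directives in .htaccess
    AllowOverride All
</Directory>

<Directory "/home/sites/site1/web">
    # Still weak: AuthConfig and Limit sections are read from .htaccess
    AllowOverride AuthConfig Limit
</Directory>
EOF
)

# audit_allowoverride FILE
# Prints every uncommented AllowOverride line (with its line number)
# whose argument is not exactly "None". Returns 0 when the file only
# contains "AllowOverride None", 1 otherwise.
audit_allowoverride() {
    offending=$(grep -n -i '^[[:space:]]*AllowOverride[[:space:]]' "$1" \
        | grep -v -i 'AllowOverride[[:space:]][[:space:]]*None[[:space:]]*$')
    if [ -n "$offending" ]; then
        printf '%s\n' "$offending"
        return 1
    fi
    return 0
}

# count_htaccess DIR
# Counts .htaccess files below DIR. Each one names an area whose access
# control will be ignored after "AllowOverride None" is enforced.
count_htaccess() {
    find "$1" -name .htaccess -type f 2>/dev/null | wc -l | tr -d ' '
}

# Demonstration against the constructed sample.
conf_file=$(mktemp)
printf '%s\n' "$SAMPLE_CONF" > "$conf_file"
if audit_allowoverride "$conf_file"; then
    echo "OK: only AllowOverride None directives found"
else
    echo "WARNING: per-directory overrides still enabled (lines listed above)"
fi
rm -f "$conf_file"
```

Run it against the real file with `audit_allowoverride /etc/httpd/conf/httpd.conf` (or the "/etc/apache/conf" path on platforms that use it) and `count_htaccess /home/sites` for the document root in use; a non-zero exit from the audit means the workaround has not yet been fully applied, and a non-zero .htaccess count lists the areas that will become unprotected.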


This issue is addressed in the following releases:


  • Sun Cobalt RaQ3(3000R) and RaQ3-All-Security-4.0.1-1-15787.pkg
  • Sun Cobalt ManageRaQ3(3000R-mr) and RaQ3-All-Security-4.0.1-1-15787.pkg
  • Sun Cobalt RaQ4(3001R) and RaQ4-All-Security-2.0.1-2-15787.pkg
  • Sun Cobalt RaQ XTR(3500R) and RaQXTR-All-Security-1.0.1-15787.pkg
  • Sun Cobalt Qube3(4000WG) and Qube3-All-Security-4.0.1-15787.pkg
  • Sun Cobalt RaQ 550 (4100R) and RaQ550-All-Security-0.0.1-15787.pkg
Instructions for downloading the above packages can be found in 1234813.1 in MyOracleSupport.

Modification History
Date: 03-SEP-2002
  • Modified Impact information

Date: 27-JAN-2003
  • State Resolved (and Closed)
  • Updated Contributing Factors and Resolution sections

Sun Cobalt RaQ 4 Server
Sun Cobalt RaQ 550 Server
