Note: This is an archival copy of Security Sun Alert 201328 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001002.1.
Article ID : 1001002.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-12-07
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Sun Cobalt "mod_ssl" ("apache-openssl-1.3.x") May Allow Local Account Compromise
Category
Security

Release Phase
Resolved

Bug Id
15577

Date of Workaround Release
03-JUL-2002

Date of Resolved Release
27-JAN-2003

Impact

Apache allows per-directory configuration files. A local user may exploit a vulnerability in Apache through specially crafted ".htaccess" files. Malicious code may be executed through these ".htaccess" files. This may result in possible denial of service and compromise of the web site integrity.

This issue is described at:

http://online.securityfocus.com/advisories/4254


Contributing Factors

This issue can occur in the following releases:

Intel

  • Sun Cobalt RaQ3(3000R) and apache-openssl-1.3.6-C9export
  • Sun Cobalt ManageRaQ3(3000R-mr) and apache-openssl-1.3.6-C9export
  • Sun Cobalt RaQ4(3001R) and apache-openssl-1.3.12-1C9
  • Sun Cobalt RaQ XTR(3500R) and apache-openssl-1.3.12-1C12
  • Sun Cobalt Qube3(4000WG) and apache-openssl-1.3.12-1C11
  • Sun Cobalt RaQ 550 (4100R) and apache-1.3.20-Alpine-1C8stackguard and openssl-0.9.6-2C1

Symptoms

Unexpected web server behavior may indicate that the site has been compromised, for example: fake entries appearing in any Apache log file (not only the logs of the virtual host the ".htaccess" file lies in), arbitrary commands running as the web server user regardless of the "ExecCGI" and "suexec" settings, and spoofed replies (client web browsers being sent content other than what is on the web site).


Workaround

The workaround is to disallow per-directory configuration files by ensuring that the only "AllowOverride" directives in your "httpd.conf" file are "AllowOverride None". On most Sun Cobalt platforms this file can be found in the "/etc/httpd/conf" or "/etc/apache/conf" directory.

To activate the changes in the "httpd.conf" file, as root, you must restart the Apache web server by using the command:

 # /etc/rc.d/init.d/httpd restart

Note: If ".htaccess" files are used to control access to restricted areas of web sites, these areas will become UNPROTECTED by this action.
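The following check script is an added example and is not part of the Sun Alert: it scans an "httpd.conf" for "AllowOverride" directives other than a bare "None", and also flags "<Directory>" blocks that set no "AllowOverride" at all, because Apache 1.3 defaults that to "All". The sample configuration embedded in it is constructed, not taken from any Cobalt system.

```shell
# Audit an Apache 1.3 httpd.conf for places where ".htaccess" files are still honoured:
# any AllowOverride other than a bare "None", and any <Directory> block that has no
# AllowOverride at all (Apache 1.3 defaults it to All). Prints "<line>: <finding>" per
# hit and returns 1 if anything was found, 0 otherwise.
audit_allowoverride() {
    awk '
        {
            l = $0; sub(/#.*/, "", l); sub(/^[ \t]+/, "", l)   # drop comment and indent
            lc = tolower(l); sub(/[ \t]+$/, "", lc)            # directives are case-insensitive
            if (lc ~ /^<directory[ \t>]/) { in_dir = 1; dir_line = NR; dir_has = 0; next }
            if (lc == "</directory>") {
                if (in_dir && !dir_has) { printf "%d: <Directory> without AllowOverride (defaults to All)\n", dir_line; found++ }
                in_dir = 0; next
            }
            n = split(lc, f, /[ \t]+/)
            if (f[1] != "allowoverride") next
            dir_has = 1
            if (n == 2 && f[2] == "none") next                 # the only safe form
            printf "%d: %s\n", NR, l; found++
        }
        END { exit (found > 0) }
    ' "$1"
}

# Constructed sample config (not taken from any real Cobalt system) for a dry run.
sample_httpd_conf() {
    cat <<'EOF'
<Directory />
    AllowOverride None
</Directory>
# AllowOverride All   (commented out: must not be reported)
<Directory "/home/sites">
    allowoverride AuthConfig Limit
</Directory>
<Directory "/home/httpd/cgi-bin">
    Options ExecCGI
</Directory>
EOF
}

# Audit the file given as argument, or the constructed sample when run bare.
conf=${1:-$(mktemp)}; [ $# -gt 0 ] || sample_httpd_conf > "$conf"
audit_allowoverride "$conf" || echo "WARNING: .htaccess still honoured in $conf"
```

Directives pulled in through "Include" files or separate virtual-host configuration files are not followed, so run the check against every file Apache reads.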


Resolution

This issue is addressed in the following releases:

Intel

  • Sun Cobalt RaQ3(3000R) and RaQ3-All-Security-4.0.1-1-15787.pkg
  • Sun Cobalt ManageRaQ3(3000R-mr) and RaQ3-All-Security-4.0.1-1-15787.pkg
  • Sun Cobalt RaQ4(3001R) and RaQ4-All-Security-2.0.1-2-15787.pkg
  • Sun Cobalt RaQ XTR(3500R) and RaQXTR-All-Security-1.0.1-15787.pkg
  • Sun Cobalt Qube3(4000WG) and Qube3-All-Security-4.0.1-15787.pkg
  • Sun Cobalt RaQ 550 (4100R) and RaQ550-All-Security-0.0.1-15787.pkg
Instructions for downloading the above packages can be found in 1234813.1 in MyOracleSupport.

Modification History
Date: 03-SEP-2002
  • Modified Impact information

Date: 27-JAN-2003
  • State Resolved (and Closed)
  • Updated Contributing Factors and Resolution sections


Product
Sun Cobalt RaQ 4 Server
Sun Cobalt RaQ 550 Server
