Debian Bug report logs - #380182
CVE-2006-3747: off-by-one security problem in mod_rewrite

version graph

Package: apache2; Maintainer for apache2 is Debian Apache Maintainers <debian-apache@lists.debian.org>; Source for apache2 is src:apache2.

Reported by: sf@sfritsch.de

Date: Fri, 28 Jul 2006 08:48:01 UTC

Severity: grave

Tags: patch, security

Found in version apache2/2.0.55-4

Done: Tollef Fog Heen <tfheen@vawad.err.no>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Apache Maintainers <debian-apache@lists.debian.org>:
Bug#380182; Package apache2. Full text and rfc822 format available.

Acknowledgement sent to sf@sfritsch.de:
New Bug report received and forwarded. Copy sent to Debian Apache Maintainers <debian-apache@lists.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: sf@sfritsch.de
To: submit@bugs.debian.org
Subject: CVE-2006-3747: off-by-one security problem in mod_rewrite
Date: Fri, 28 Jul 2006 10:04:04 +0200 (CEST)
package: apache2
version: 2.0.55-4
severity: grave
tags: security patch

SECURITY: CVE-2006-3747
mod_rewrite: Fix an off-by-one security problem in the ldap scheme
handling.  For some RewriteRules this could lead to a pointer being
written out of bounds.  Reported by Mark Dowd of McAfee.

patch is at
http://svn.apache.org/viewvc/httpd/httpd/tags/2.0.59/modules/mappers/mod_rewrite.c?view=log






Information forwarded to debian-bugs-dist@lists.debian.org, Debian Apache Maintainers <debian-apache@lists.debian.org>:
Bug#380182; Package apache2. Full text and rfc822 format available.

Acknowledgement sent to Steve Kemp <skx@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Apache Maintainers <debian-apache@lists.debian.org>. Full text and rfc822 format available.

Message #10 received at 380182@bugs.debian.org (full text, mbox):

From: Steve Kemp <skx@debian.org>
To: 380182@bugs.debian.org
Cc: sf@sfritsch.de
Subject: Confirmed
Date: Fri, 28 Jul 2006 15:05:24 +0100
  A security advisory is pending.

  This bug applies to both the apache and apache2 packages.  Same 
 fix in both packages, but in different locations...

Steve
-- 




Tags added: fixed Request was from Steve Kemp <skx@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Tags removed: fixed Request was from Tollef Fog Heen <tfheen@vawad.err.no> to control@bugs.debian.org. Full text and rfc822 format available.

Reply sent to Tollef Fog Heen <tfheen@vawad.err.no>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to sf@sfritsch.de:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #19 received at 380182-done@bugs.debian.org (full text, mbox):

From: Tollef Fog Heen <tfheen@vawad.err.no>
To: 299855-done@bugs.debian.org, 349416-done@bugs.debian.org, 374160-done@bugs.debian.org, 380182-done@bugs.debian.org, 381376-done@bugs.debian.org, control@bugs.debian.org
Subject: Fixed in NMU
Date: Fri, 06 Oct 2006 18:44:50 +0200
tag 299855 - fixed
tag 349416 - fixed
tag 374160 - fixed
tag 380182 - fixed
tag 381376 - fixed
thanks

Those are fixed in an NMU which was accepted by the maintainer, so closing properly.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 5 Aug 2006 21:35:53 +0000
Source: apache2
Binary: apache2-utils apache2 apache2-prefork-dev apache2-mpm-prefork apache2-doc libapr0-dev apache2-mpm-worker libapr0 apache2-threaded-dev apache2-common apache2-mpm-perchild
Architecture: source i386 all
Version: 2.0.55-4.1
Distribution: unstable
Urgency: high
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Steve Kemp <skx@debian.org>
Description: 
 apache2    - next generation, scalable, extendable web server
 apache2-common - next generation, scalable, extendable web server
 apache2-doc - documentation for apache2
 apache2-mpm-perchild - experimental high speed perchild threaded model for Apache2
 apache2-mpm-prefork - traditional model for Apache2
 apache2-mpm-worker - high speed threaded model for Apache2
 apache2-prefork-dev - development headers for apache2
 apache2-threaded-dev - development headers for apache2
 apache2-utils - utility programs for webservers
 libapr0    - the Apache Portable Runtime
 libapr0-dev - development headers for libapr
Closes: 299855 349416 374160 380182 381376
Changes: 
 apache2 (2.0.55-4.1) unstable; urgency=high
 .
   * Non-maintainer upload.  Urgency set to high due to security fixes.
   * Added '052_mod_rewrite_CVE-2006-3747' to fix the off-by-one bug in
     mod_rewrite.
     [CVE-2006-3747].  (Closes: #380182)
   * Added '053_restore_prefix_fix' to allow rebuilding from source.
     (Closes: #374160)
   * Added '054_apr_sendfile' to allow building for Hurd.
     (Closes: #349416)
   * Added '055_expect_CVE-2006-3918' to fix XSS attack in Expect headers.
     [CVE-2006-3918].  (Closes: #381376)
   * Added bash-completion script from Guillaume Rousse.
     (Closes: #299855)
Files: 
 223b02dffbc296dcf0855cae7d6f6859 1134 net optional apache2_2.0.55-4.1.dsc
 34cac9f7ea8697a56ee130560f687af9 116470 net optional apache2_2.0.55-4.1.diff.gz
 40c4f5ddc6e647fcc8abe4804903ead6 2123872 doc optional apache2-doc_2.0.55-4.1_all.deb
 681dff30e6b08474e6d9b49fcaa7c568 807452 net optional apache2-common_2.0.55-4.1_i386.deb
 ab6615b417ed4affe66389bbce800fe5 93222 net optional apache2-utils_2.0.55-4.1_i386.deb
 2a48688e3b47de8c7a0a6185d608fbcb 211658 net optional apache2-mpm-worker_2.0.55-4.1_i386.deb
 fdd54801157e6bd36ba68c77244596bf 212042 net optional apache2-mpm-perchild_2.0.55-4.1_i386.deb
 513ca07e0b20fb6c01c8b7694e633c10 208356 net optional apache2-mpm-prefork_2.0.55-4.1_i386.deb
 51aa0db7789049d0235a76847f9bae4d 170694 devel optional apache2-prefork-dev_2.0.55-4.1_i386.deb
 101040cfbdab20d7905c4b2715dc145c 171446 devel optional apache2-threaded-dev_2.0.55-4.1_i386.deb
 8903bed1cae49fd6cbdbb257529e3bf5 137450 net optional libapr0_2.0.55-4.1_i386.deb
 f52a39811ae1212260eb2f2011135291 266536 libdevel optional libapr0-dev_2.0.55-4.1_i386.deb
 83ef811301c7bfe380ae939a3a73cf72 35604 web optional apache2_2.0.55-4.1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFE1RIKwM/Gs81MDZ0RAm6OAJ989piJWwpIaxKGfohSvyaxI0KsfwCeLThA
k8Ldo9vjUYbm86AnH4D2Doo=
=+WoX
-----END PGP SIGNATURE-----



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 19 Jun 2007 03:28:52 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 09:51:01 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.