
Bug#545951: marked as done (CVE-2009-3094, CVE-2009-3095: mod_proxy_ftp DoS)



Your message dated Fri, 16 Oct 2009 19:58:32 +0000
with message-id <E1Myswa-000382-46@ries.debian.org>
and subject line Bug#545951: fixed in apache2 2.2.9-10+lenny5
has caused the Debian Bug report #545951,
regarding CVE-2009-3094, CVE-2009-3095: mod_proxy_ftp DoS
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
545951: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545951
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: apache2.2-common
Version: 2.2.12-1
Severity: normal
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for apache2.

CVE-2009-3094[0]:
| The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the
| mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13
| allows remote FTP servers to cause a denial of service (NULL pointer
| dereference and child process crash) via a malformed reply to an EPSV
| command.
NOTE: as of 20090910 this disclosure has no actionable information
NOTE: based on a VulnDisco commercial 0day

CVE-2009-3095[1]:
| The mod_proxy_ftp module in the Apache HTTP Server allows remote
| attackers to bypass intended access restrictions and send arbitrary
| commands to an FTP server via vectors related to the embedding of
| these commands in the Authorization HTTP header, as demonstrated by a
| certain module in VulnDisco Pack Professional 8.11.  NOTE: as of
| 20090903, this disclosure has no actionable information. However,
| because the VulnDisco Pack author is a reliable researcher, the issue
| is being assigned a CVE identifier for tracking purposes.
NOTE: mod_proxy_ftp should be enabled. With -mpm-prefork only a child crashes, not really a DoS
NOTE: when doing reverse proxy, servers to which requests are proxied are usually trusted

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094
    http://security-tracker.debian.net/tracker/CVE-2009-3094
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095
    http://security-tracker.debian.net/tracker/CVE-2009-3095


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkqotOkACgkQNxpp46476ar6FwCeMtLWlTSFzMgYQXHELSpCSXOM
Nv0AnReVdv6JuBkn0rEmhy8WmJBKzCAp
=fwCl
-----END PGP SIGNATURE-----



--- End Message ---
--- Begin Message ---
Source: apache2
Source-Version: 2.2.9-10+lenny5

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive:

apache2-dbg_2.2.9-10+lenny5_i386.deb
  to pool/main/a/apache2/apache2-dbg_2.2.9-10+lenny5_i386.deb
apache2-doc_2.2.9-10+lenny5_all.deb
  to pool/main/a/apache2/apache2-doc_2.2.9-10+lenny5_all.deb
apache2-mpm-event_2.2.9-10+lenny5_i386.deb
  to pool/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny5_i386.deb
apache2-mpm-prefork_2.2.9-10+lenny5_i386.deb
  to pool/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny5_i386.deb
apache2-mpm-worker_2.2.9-10+lenny5_i386.deb
  to pool/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny5_i386.deb
apache2-prefork-dev_2.2.9-10+lenny5_i386.deb
  to pool/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny5_i386.deb
apache2-src_2.2.9-10+lenny5_all.deb
  to pool/main/a/apache2/apache2-src_2.2.9-10+lenny5_all.deb
apache2-suexec-custom_2.2.9-10+lenny5_i386.deb
  to pool/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny5_i386.deb
apache2-suexec_2.2.9-10+lenny5_i386.deb
  to pool/main/a/apache2/apache2-suexec_2.2.9-10+lenny5_i386.deb
apache2-threaded-dev_2.2.9-10+lenny5_i386.deb
  to pool/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny5_i386.deb
apache2-utils_2.2.9-10+lenny5_i386.deb
  to pool/main/a/apache2/apache2-utils_2.2.9-10+lenny5_i386.deb
apache2.2-common_2.2.9-10+lenny5_i386.deb
  to pool/main/a/apache2/apache2.2-common_2.2.9-10+lenny5_i386.deb
apache2_2.2.9-10+lenny5.diff.gz
  to pool/main/a/apache2/apache2_2.2.9-10+lenny5.diff.gz
apache2_2.2.9-10+lenny5.dsc
  to pool/main/a/apache2/apache2_2.2.9-10+lenny5.dsc
apache2_2.2.9-10+lenny5_all.deb
  to pool/main/a/apache2/apache2_2.2.9-10+lenny5_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 545951@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefan Fritsch <sf@debian.org> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 05 Oct 2009 19:07:08 +0200
Source: apache2
Binary: apache2.2-common apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-src apache2-dbg
Architecture: source i386 all
Version: 2.2.9-10+lenny5
Distribution: stable
Urgency: low
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
Description: 
 apache2    - Apache HTTP Server metapackage
 apache2-dbg - Apache debugging symbols
 apache2-doc - Apache HTTP Server documentation
 apache2-mpm-event - Apache HTTP Server - event driven model
 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model
 apache2-mpm-worker - Apache HTTP Server - high speed threaded model
 apache2-prefork-dev - Apache development headers - non-threaded MPM
 apache2-src - Apache source code
 apache2-suexec - Standard suexec program for Apache 2 mod_suexec
 apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec
 apache2-threaded-dev - Apache development headers - threaded MPM
 apache2-utils - utility programs for webservers
 apache2.2-common - Apache HTTP Server common files
Closes: 517089 524268 528951 537665 545951
Changes: 
 apache2 (2.2.9-10+lenny5) stable; urgency=low
 .
   * Minor security fixes in mod_proxy_ftp (closes: #545951):
     - DoS by malicious ftp server (CVE-2009-3094)
     - missing input sanitization: a user could execute arbitrary ftp commands
       on the backend ftp server (CVE-2009-3095)
   * Fix segfault in legacy ap_r* API which is triggered more often since
     the fix for CVE-2009-1891 was applied (closes: #537665).
   * Take care to not override existing index.shtml files when upgrading from
     before 2.2.8-1 (closes: #517089).
   * mod_deflate: Fix invalid etag to be emitted for on-the-fly gzip
     content-encoding. This prevented apache from sending "304 NOT MODIFIED"
     responses for compressed content.
   * mod_rewrite: Fix "B" flag breakage (closes: #524268)
   * Properly declare that apache2-suexec* replace files in old versions of
     apache2.2-common (closes: #528951).
   * Remove other_vhosts_access.log on package purge.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFKyi3kbxelr8HyTqQRArCNAKC8ybX0A26QjotH/mEoC5XHB5QzwQCcDdka
YtBLTWBjhTp31i4aAzgCdAo=
=2E/y
-----END PGP SIGNATURE-----



--- End Message ---
