Bugzilla – Bug 538322
VUL-0: CVE-2009-3095: apache2: mod_proxy_ftp bypass intended access restrictions and DoS
Last modified: 2015-09-25 13:16:33 UTC
Hi. There is a security bug in 'apache2'. This bug is public. There is no coordinated release date (CRD) set. CVE number: CVE-2009-3095 CVE description: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095 Original posting: send arbitrary CVE-ID: CVE-2009-3095 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095 The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Current Votes: None (candidate not yet proposed)
CVE-2009-3094 Description The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
MaintenanceTracker-25282
no information received on how to fix yet, cve entry is without any refs
CVE-2009-3095: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
http://svn.apache.org/viewvc?view=revision&sortby=date&revision=814847
http://svn.apache.org/viewvc?view=revision&sortby=date&revision=814844 too
submitted fixed packages and patchinfos for sles9,sle10sp2,sp3,10.3,11.0,sle11,stable
Update released for: apache2, apache2-debuginfo, apache2-debugsource, apache2-devel, apache2-doc, apache2-event, apache2-example-pages, apache2-prefork, apache2-utils, apache2-worker Products: openSUSE 10.3 (i386, ppc, x86_64) openSUSE 11.0 (debug, i386, ppc, x86_64) openSUSE 11.1 (debug, i586, ppc, x86_64)
released updates.
Update released for: apache2, apache2-devel, apache2-doc, apache2-example-pages, apache2-leader, apache2-metuxmpm, apache2-perchild, apache2-prefork, apache2-worker, libapr0 Products: Novell-Linux-Desktop 9 (i386, x86_64) Novell-Linux-POS 9 (i386) Open-Enterprise-Server 9 (i386) SUSE-CORE 9 (i386, ia64, ppc, s390, s390x, x86_64)
Update released for: apache2, apache2-debuginfo, apache2-debugsource, apache2-devel, apache2-doc, apache2-event, apache2-example-pages, apache2-prefork, apache2-utils, apache2-worker Products: SLE-DEBUGINFO 11 (i386, ia64, ppc64, s390x, x86_64) SLE-SDK 11 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11 (i386, ia64, ppc64, s390x, x86_64)
Update released for: apache2, apache2-devel, apache2-doc, apache2-event, apache2-example-pages, apache2-prefork, apache2-worker Products: SLE-DEBUGINFO 10-SP2 (i386, ia64, ppc, s390x, x86_64) SLE-SDK 10-SP2 (i386, ia64, ppc, s390x, x86_64) SLE-SERVER 10-SP2 (i386, ia64, ppc, s390x, x86_64)
Update released for: apache2, apache2-debuginfo, apache2-devel, apache2-doc, apache2-event, apache2-example-pages, apache2-prefork, apache2-worker Products: SLE-DEBUGINFO 10-SP3 (i386, ia64, ppc, s390x, x86_64) SLE-SDK 10-SP3 (i386, ia64, ppc, s390x, x86_64) SLE-SERVER 10-SP3 (i386, ia64, ppc, s390x, x86_64)