Bugzilla – Bug 887765
VUL-0: CVE-2014-0226: apache2: mod_status heap-based buffer overflow
Last modified: 2014-09-02 14:08:09 UTC
CVE-2014-0226 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache HTTPD server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the updating of mod_status. A race condition in mod_status allows an attacker to disclose information or corrupt memory with several requests to endpoints with handler server-status and other endpoints. By abusing this flaw, an attacker can possibly disclose credentials or leverage this situation to achieve remote code execution. References: https://bugzilla.redhat.com/show_bug.cgi?id=1120603 http://httpd.apache.org/security/vulnerabilities_24.html http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0226 http://www.zerodayinitiative.com/advisories/ZDI-14-236/
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2014-07-24. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/58331
Affected packages: SLE-10-SP3-TERADATA: apache2 SLE-11-SP3: apache2
The 2.2 code is different in that the 2.2.12 code does not even have the ap_get_scoreboard_worker_from_indexes() function. I'm trying to determine if the race is similarly present in the 2.2 code.
bugbot adjusting priority
Created attachment 599270 [details] patch against SLES11 apache affirmative. Official (upstream) changeset is: http://svn.apache.org/r1610499
This is an autogenerated message for OBS integration: This bug (887765) was mentioned in https://build.opensuse.org/request/show/242399 Evergreen:11.4 / apache2.openSUSE_Evergreen_11.4
SUSE-SU-2014:0967-1: An update that solves four vulnerabilities and has one errata is now available. Category: security (important) Bug References: 859916,869105,869106,887765,887768 CVE References: CVE-2013-6438,CVE-2014-0098,CVE-2014-0226,CVE-2014-0231 Sources used: SUSE Linux Enterprise Software Development Kit 11 SP3 (src): apache2-2.2.12-1.46.1 SUSE Linux Enterprise Server 11 SP3 for VMware (src): apache2-2.2.12-1.46.1 SUSE Linux Enterprise Server 11 SP3 (src): apache2-2.2.12-1.46.1
openSUSE-SU-2014:0969-1: An update that solves 5 vulnerabilities and has one errata is now available. Category: security (important) Bug References: 859916,869105,869106,871309,887765,887768 CVE References: CVE-2013-5705,CVE-2013-6438,CVE-2014-0098,CVE-2014-0226,CVE-2014-0231 Sources used: openSUSE 11.4 (src): apache2-2.2.17-80.1, apache2-mod_security2-2.7.5-16.1
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2014-08-26. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/58625
openSUSE-SU-2014:1044-1: An update that fixes 6 vulnerabilities is now available. Category: security (moderate) Bug References: 869105,869106,887765,887767,887768,887771 CVE References: CVE-2013-4352,CVE-2013-6438,CVE-2014-0098,CVE-2014-0117,CVE-2014-0226,CVE-2014-0231 Sources used: openSUSE 13.1 (src): apache2-2.4.6-6.27.1
openSUSE-SU-2014:1045-1: An update that fixes four vulnerabilities is now available. Category: security (moderate) Bug References: 869105,869106,887765,887768 CVE References: CVE-2013-6438,CVE-2014-0098,CVE-2014-0226,CVE-2014-0231 Sources used: openSUSE 12.3 (src): apache2-2.2.22-10.12.1
was released today