Results 1 to 3 of 3

Thread: Apache update opens the door to a bigger threat

  1. #1
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Huson Mt.

    Apache update opens the door to a bigger threat


    The Apache Software Foundation recently released a software update that fixed a number of problems but also introduced a dangerous new security threat.

    There have been a number of recent Apache Web Server vulnerabilities that require the attention of administrators, security professionals, and Webmasters. The threats pose various levels of danger and some can be exploited remotely

    The most recent vulnerability is a remotely exploitable threat that can allow an attacker to compromise access controls. This is being referred to as the �Satisfy� directory threat. You can see the original advisory here (scroll down to the description). The threat from this vulnerability is that some password-protected folders won�t be protected if you update to Apache version 2.0.51.

    A locally exploitable buffer overrun vulnerability in the configuration file variable .htaccess (Bugtraq ID 11182, CAN-2004-0747) affects a large number of Apache 2.x versions and is found in most Linux versions, including Mandrake, SuSE, Red Hat, and others. This threat has caused a number of users to update to version 2.0.51, making a large number of systems vulnerable to the remotely exploitable Satisfy vulnerability described above.
    To fix one problem, you have to potenually open yourself to another.
    \"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
    Author Unknown

  2. #2
    Senior Member
    Join Date
    Oct 2002
    To fix one problem, you have to potenually open yourself to another.
    Point well taken, every single patch opens a gateway to a whole new slew of problems/vulnerabilities. Nice article, moxnix.
    Space For Rent.. =]

  3. #3
    Senior Member
    Join Date
    Jan 2002
    Just to make it clear to people:

    - The "Satisfy" vulnerability only affects servers with specific complex authentication configurations, and even in the worst case scenario it only exposes private data, does not allow code execution or anything (unless combined with some other vuln)
    - The Rewrite vulnerability only affects sites using the rewrite module - which is disabled by default and is used very rarely.
    - The .htaccess code execution vulnerability is only an issue if users who are allowed to write .htaccess files are not allowed to execute arbritary code anyway. Most of them are, as they are allowed to create PHP or CGI programs or have shell access. It could of course potentially be used in an escalation exploit from some other vulnerability.

    None of them is something I'd consider serious - although of course patching is a good idea. 2.0.52 has been released and is not vulnerable to any of them.

    I have of course upgraded my server, even though I don't believe its configuration is affected by any of the above anyway.


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts