Conectiva fixes Apache vulnerabilities
Conectiva recommends Apache users update their packages to fix several denial-of-service and buffer-overflow vulnerabilities in mod_ssl and mod_dav. Conectiva's advisory
- A denial of service in the ap_get_mime_headers_core() function. The ap_get_mime_headers_core() function in Apache httpd 2.0.49 can allow a remote attacker to cause a denial of service.
- A buffer overflow in the .htaccess files handler in Apache 2.0.50 and earlier can allow local attackers to gain Apache privileges via a .htaccess file that causes the buffer overflow during expansion of environment variables.
- A denial of service in mod_ssl in Apache 2.0.50 and earlier can allow remote attackers to cause a denial of service by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
- A denial of service in the char_buffer_read() function in the mod_ssl module for Apache 2.x when using reverse proxying to an SSL server can allow remote attackers to cause a denial of service.
- A denial of service in IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier can allow remote attackers to cause a denial of service (child process crash) via a certain URI.
- A denial of service in mod_dav for Apache 2.0.50 and earlier can allow remote attackers to cause a denial of service (child process crash) via a certain sequence of lock requests for a location that allows WebDAV authoring access.
Gentoo fixes Linux flaw
Gentoo Linux has also issued an update to fix a bug in the way Apache handles the Satisfy directive. The vulnerability could allow all visitors to the Web server to view protected directories, the advisory said.
Patches fix vulnerabilities in JRun server
Patches have been released to fix multiple vulnerabilities in the JRun server that an attacker could exploit to hijack an authenticated user's session, conduct cross-site scripting attacks, disclose sensitive information and cause a denial of service. Copenhagen, Denmark-based security firm Secunia said the problems include an implementation error in the generation and handling of JSESSIONIDs that can be exploited to hijack an authenticated user's session; a cross-site scripting and session handling vulnerability in the JRun management console that an attacker could use to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site or hijack an authenticated user's session; a URL parsing error that can be used to show the source of any file such as script files inside the Web root by appending ";.cfm" to the end of a URL; and a boundary error in the verbose logging module that can be exploited to cause the Web server to crash. Secunia said the vulnerabilities have been reported in versions 3.0, 3.1 and 4.0.
Vulnerability in Sophos Small Business Suite
Reston, Va.-based security firm iDefense has reported a vulnerability in Sophos' Small Business Suite. The advisory said the Small Business Suite -- which includes Sophos PureMessage Small Business Edition and Sophos Anti-Virus Small Business Edition -- has a design vulnerability that allows malicious code to evade detection. "The problem specifically exists in attempts to scan files and directories named as reserved MS-DOS devices," the advisory said. "These represent devices such as the first printer port … and first serial communication port. If malicious code embeds itself within a reserved device name, it can avoid detection by Small Business Suite when the system is scanned. Malicious code can also potentially use reserved device names to bypass e-mail scanning, thereby potentially delivering hostile payloads to users." iDefense said Sophos plans to fix the problem in version 3.86.
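Until a fixed scanner is in place, file and attachment names that resolve to a reserved device can be flagged for manual review instead of being silently skipped. The sketch below is an added example, not code from iDefense or Sophos; the reserved-name list is Microsoft's documented one (the advisory excerpt names only the printer and serial ports), and the function names and sample paths are constructed for illustration.

```python
import re

# Device names Windows reserves in every directory (Microsoft's documented
# list; an assumption here, since the advisory excerpt does not enumerate it).
RESERVED = {"CON", "PRN", "AUX", "NUL"} \
    | {f"COM{i}" for i in range(1, 10)} \
    | {f"LPT{i}" for i in range(1, 10)}


def reserved_component(component):
    """Return the device a single path component maps to, or None."""
    # Matching is case-insensitive, and an extension, a trailing colon or
    # trailing spaces do not stop the name being treated as the device.
    base = re.split(r"[.:]", component, maxsplit=1)[0].rstrip(" ").upper()
    return base if base in RESERVED else None


def find_reserved(path):
    """Return (component, device) pairs for every reserved name in a path."""
    hits = []
    for component in re.split(r"[\\/]+", path):
        device = reserved_component(component)
        if device:
            hits.append((component, device))
    return hits


def audit(paths):
    """Map each path that contains a reserved name to its hits."""
    return {p: h for p in paths if (h := find_reserved(p))}


# Constructed sample input: attachment names and on-disk paths.
SAMPLE = [
    r"C:\Users\alice\Documents\report.doc",
    r"C:\temp\lpt1\payload.exe",      # directory named as a device
    "invoice/aux.txt",                # device name with an extension
    "logs/console.log",               # starts with CON but is not reserved
    r"D:\mail\attachments\COM1",
    "backup/COM10.bak",               # COM10 is outside the reserved range
]

if __name__ == "__main__":
    for path, hits in audit(SAMPLE).items():
        print(f"REVIEW {path}: {hits}")
```
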
Securepoint defends hiring worm writer
The German security company that's hired Sasser worm writer Sven Jaschan says it's not a publicity stunt but more like an intervention to save his skills from being put to more criminal use. Lutz Hausmann, CTO of Securepoint, told the San Jose Mercury News's Silicon.com that he believes Jaschan, 18, regrets his earlier actions and, by the way, was the most qualified candidate for the job. "The kid was just an immature boy with mindless intent, nothing more," Hausmann said. "Certainly, he will get a strong sentence. He will never do such a thing again." Jaschan reportedly confessed to creating the Sasser and Netsky worms after his arrest earlier this year, which was prompted by virus writers who tipped off authorities in exchange for a cash reward. He awaits trial and could receive up to five years in prison.