Posted to cvs@httpd.apache.org by mj...@apache.org on 2010/03/07 21:12:21 UTC
svn commit: r920084 - in /httpd/site/trunk:
docs/security/vulnerabilities-oval.xml docs/security/vulnerabilities_22.html
xdocs/security/vulnerabilities-httpd.xml
Author: mjc
Date: Sun Mar 7 20:12:21 2010
New Revision: 920084
URL: http://svn.apache.org/viewvc?rev=920084&view=rev
Log:
Just make it clear this is a flaw only affecting Windows
installations that use mod_isapi. These entries need a bit
more cleanup, but another day
Modified:
httpd/site/trunk/docs/security/vulnerabilities-oval.xml
httpd/site/trunk/docs/security/vulnerabilities_22.html
httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
Modified: httpd/site/trunk/docs/security/vulnerabilities-oval.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/docs/security/vulnerabilities-oval.xml?rev=920084&r1=920083&r2=920084&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities-oval.xml (original)
+++ httpd/site/trunk/docs/security/vulnerabilities-oval.xml Sun Mar 7 20:12:21 2010
@@ -51,13 +51,13 @@
<title>mod_isapi module unload flaw</title>
<reference source="CVE" ref_id="CVE-2010-0425" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425"/>
<description>
-Brett Gervasoni of Sense of Security reported a flaw with proposed patch fix
-within mod_isapi, which would attempt to unload the ISAPI dll when it
+Brett Gervasoni of Sense of Security reported and proposed a patch fix
+for a flaw with within mod_isapi, which would attempt to unload the ISAPI dll when it
encountered various error states. This could leave the callbacks in an
-undefined state and result in a segfault. As the remote attacker could
-send a malicious request to trigger this issue, and win32 mpm runs only one
+undefined state and result in a segfault. On Windows platforms using mod_isapi, a
+remote attacker could send a malicious request to trigger this issue, and as win32 MPM runs only one
process, this would result in a denial of service, and potentially allow
-for arbitrary code execution.
+arbitrary code execution.
</description>
<apache_httpd_repository>
<public>20100302</public>
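Review bot: The added line "for a flaw with within mod_isapi" has a doubled preposition ("with within"); it should read "for a flaw within mod_isapi". The preceding added line, "reported and proposed a patch fix", would also read more cleanly as "reported a flaw within mod_isapi and proposed a patch", which keeps the subject of "which would attempt to unload the ISAPI dll" next to mod_isapi.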
Modified: httpd/site/trunk/docs/security/vulnerabilities_22.html
URL: http://svn.apache.org/viewvc/httpd/site/trunk/docs/security/vulnerabilities_22.html?rev=920084&r1=920083&r2=920084&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_22.html [utf-8] (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_22.html [utf-8] Sun Mar 7 20:12:21 2010
@@ -105,13 +105,13 @@
</b>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425">CVE-2010-0425</a>
<p>
-Brett Gervasoni of Sense of Security reported a flaw with proposed patch fix
-within mod_isapi, which would attempt to unload the ISAPI dll when it
+Brett Gervasoni of Sense of Security reported and proposed a patch fix
+for a flaw with within mod_isapi, which would attempt to unload the ISAPI dll when it
encountered various error states. This could leave the callbacks in an
-undefined state and result in a segfault. As the remote attacker could
-send a malicious request to trigger this issue, and win32 mpm runs only one
+undefined state and result in a segfault. On Windows platforms using mod_isapi, a
+remote attacker could send a malicious request to trigger this issue, and as win32 MPM runs only one
process, this would result in a denial of service, and potentially allow
-for arbitrary code execution.
+arbitrary code execution.
</p>
</dd>
<dd>
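Review bot: The added sentence starting "On Windows platforms using mod_isapi, a remote attacker could send ..." chains its clauses with "and as win32 MPM runs only one process, this would result in", which makes the cause and the consequence hard to separate. Ending the sentence after "trigger this issue." and starting the next with "As the win32 MPM runs only one process, this would result in a denial of service ..." would be clearer. The added line ending "win32 MPM runs only one" is also much longer than the wrapped lines around it and should be rewrapped, and the "with within" typo is repeated in this file.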
Modified: httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml?rev=920084&r1=920083&r2=920084&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml [utf-8] (original)
+++ httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml [utf-8] Sun Mar 7 20:12:21 2010
@@ -37,13 +37,13 @@
<severity level="2">important</severity>
<title>mod_isapi module unload flaw</title>
<description><p>
-Brett Gervasoni of Sense of Security reported a flaw with proposed patch fix
-within mod_isapi, which would attempt to unload the ISAPI dll when it
+Brett Gervasoni of Sense of Security reported and proposed a patch fix
+for a flaw with within mod_isapi, which would attempt to unload the ISAPI dll when it
encountered various error states. This could leave the callbacks in an
-undefined state and result in a segfault. As the remote attacker could
-send a malicious request to trigger this issue, and win32 mpm runs only one
+undefined state and result in a segfault. On Windows platforms using mod_isapi, a
+remote attacker could send a malicious request to trigger this issue, and as win32 MPM runs only one
process, this would result in a denial of service, and potentially allow
-for arbitrary code execution.
+arbitrary code execution.
</p></description>
<affects prod="httpd" version="2.2.14"/>
<affects prod="httpd" version="2.2.13"/>
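Review bot: The Windows and mod_isapi scope is added only inside the description text; the title "mod_isapi module unload flaw" and the affects entries for 2.2.14 and 2.2.13 in the context lines are unchanged and carry no platform qualifier. Anyone reading only the title or the structured fields will not see the restriction this commit is meant to make clear, so consider naming the platform in the title as well. The "with within" typo on the added line "for a flaw with within mod_isapi" also needs fixing here.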
Re: svn commit: r920084 - in /httpd/site/trunk: docs/security/vulnerabilities-oval.xml
docs/security/vulnerabilities_22.html xdocs/security/vulnerabilities-httpd.xml
Posted by "William A. Rowe Jr." <wr...@rowe-clan.net>.
On 3/7/2010 2:12 PM, mjc@apache.org wrote:
> Author: mjc
> Date: Sun Mar 7 20:12:21 2010
> New Revision: 920084
>
> URL: http://svn.apache.org/viewvc?rev=920084&view=rev
> Log:
> Just make it clear this is a flaw only affecting Windows
> installations that use mod_isapi. These entries need a bit
> more cleanup, but another day
/ditto
> +undefined state and result in a segfault. On Windows platforms using mod_isapi, a
> +remote attacker could send a malicious request to trigger this issue, and as win32 MPM runs only one
not only using mod_isapi, but further configured to load a dll subject to exploitation.
Long explanation, so I was specific to use the phrase 'potentially allow arbitrary
code execution'.
Thanks for the edits!