French Security Incident Response Team

FrSIRT   

      

   français French  anglais English

 
Vulnerability Notification Service
 FrSIRT Partner Program
 14-Day Free Trial
Contact FrSIRT Sales Dept.
 

Security Advisories
Linux Security Advisories
Virus and Threats Advisories
Latest Security News
Latest Zero Day Threats
Advisories and vulnerabilities by Vendor
Advisories and vulnerabilities by Keyword
 

Report a security incident
Report a new vulnerability
Security Mailinglist
 

Our Company
FrSIRT in the News
Advertise on FrSIRT.COM
Security Researchers and Exploit Writers Jobs
Contact Us

Fedora Security Update Fixes Apache httpd "mod_rewrite" Buffer Overflow Vulnerability

Title : Fedora Security Update Fixes Apache httpd "mod_rewrite" Buffer Overflow Vulnerability
Advisory ID : FrSIRT/ADV-2006-3050
CVE ID : CVE-2006-3747
Rated as : High Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-07-31

Advisory Details
 
  Description
  Affected Products
  Solution
  References
Technical Description    Receive FrSIRT alerts in a Text format  Receive FrSIRT alerts in a PDF format  Receive FrSIRT alerts in an XML format  Receive FrSIRT notifications by SMS 

Fedora has released updated packages to address a vulnerability identified in Apache httpd [...]

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

8d3b53893059ae157e97020f526cd19b727b6b07 SRPMS/httpd-2.2.2-1.2.src.rpm
8d3b53893059ae157e97020f526cd19b727b6b07 noarch/httpd-2.2.2-1.2.src.rpm
c6e260470e3b3dc3ff7a405d8da8030a0aee25a1 ppc/mod_ssl-2.2.2-1.2.ppc.rpm
9421d2e77c8dc6713eb7fb01c27b95014c93851b ppc/debug/httpd-debuginfo-2.2.2-1.2.ppc.rpm
11d79c4daeb39b606eb19e715dc656a048f91132 ppc/httpd-2.2.2-1.2.ppc.rpm
d8b703262d835cfc5c759b0713f701361fe34492 ppc/httpd-manual-2.2.2-1.2.ppc.rpm
8a918c5f0958fef564556dd97925e97abeb58454 ppc/httpd-devel-2.2.2-1.2.ppc.rpm
89b0ff637e96e67eb5ca8cb949caf239f3fe526a x86_64/mod_ssl-2.2.2-1.2.x86_64.rpm
19fc5d68d4c25965a7cdc5f54af83e628c6302f1 x86_64/debug/httpd-debuginfo-2.2.2-1.2.x86_64.rpm
eb3dd7f7720da22479fefbd769bb7f4be28d77b6 x86_64/httpd-devel-2.2.2-1.2.x86_64.rpm
010ff13be32b86ae750a94e0b3950484f80907a7 x86_64/httpd-2.2.2-1.2.x86_64.rpm
9a638a1a7ae2dd82b78c431d4115231046d39bde x86_64/httpd-manual-2.2.2-1.2.x86_64.rpm
fe1dfd67f25b3cbf887e371f990939b45098d86f i386/httpd-devel-2.2.2-1.2.i386.rpm
d2c290eb660baa41d4ae1c144733d117a60c3e0f i386/httpd-2.2.2-1.2.i386.rpm
8dd2affc726f93482a831a6ce78e7ea319575c73 i386/debug/httpd-debuginfo-2.2.2-1.2.i386.rpm
43faee2d157ce07431100a0560f7bf3d7eeae8f1 i386/mod_ssl-2.2.2-1.2.i386.rpm
fc616885d243a7b6a98d545045d65690994ccb2e i386/httpd-manual-2.2.2-1.2.i386.rpm

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

81317d5161ff11f6deab496b0562119d0bfc0990 SRPMS/httpd-2.0.54-10.4.src.rpm
81317d5161ff11f6deab496b0562119d0bfc0990 noarch/httpd-2.0.54-10.4.src.rpm
b88cd0f579e2bc914ee974bf426b1a2c8b3b7fb2 ppc/httpd-2.0.54-10.4.ppc.rpm
caed7cf66d784e66969ed8cada0ecfca9212b5ef ppc/httpd-devel-2.0.54-10.4.ppc.rpm
2b0402a1eb83397b24626d78fae0425a1c3a6817 ppc/httpd-manual-2.0.54-10.4.ppc.rpm
883017704eee9b39ffdd6ccf52ad933a51f6ca27 ppc/mod_ssl-2.0.54-10.4.ppc.rpm
0ab368e365f817e9dcd4dcccfc6c0f8898a1f6db ppc/debug/httpd-debuginfo-2.0.54-10.4.ppc.rpm
d27f116a3c7b2f64da314578aa6da7eac590ce34 x86_64/httpd-2.0.54-10.4.x86_64.rpm
14e761d0f7aa7b1f15e0d6c6f8861e0d138ec8e1 x86_64/httpd-devel-2.0.54-10.4.x86_64.rpm
f35c3789a97243bc06bb9c04a749c6f148c85b6b x86_64/httpd-manual-2.0.54-10.4.x86_64.rpm
387155db70ff3e93a23c5cbf0a27548381569170 x86_64/mod_ssl-2.0.54-10.4.x86_64.rpm
571ed80d32e00125ffc279cc96cbac57be4f9bc2 x86_64/debug/httpd-debuginfo-2.0.54-10.4.x86_64.rpm
f8ce1790f54264d675912055f91b4148751a4eec i386/httpd-2.0.54-10.4.i386.rpm
c76b6c07cb048b901e569ec02375dfd3570c78c7 i386/httpd-devel-2.0.54-10.4.i386.rpm
d827df74b0a5dbc5e595d84d00ad648fbd4d0da7 i386/httpd-manual-2.0.54-10.4.i386.rpm
5e0c509e87c6a9875c7df3bb1a239adcb4f1169f i386/mod_ssl-2.0.54-10.4.i386.rpm
e7f948349cdbe8b6442eb30c53571a5880506c6d i386/debug/httpd-debuginfo-2.0.54-10.4.i386.rpm

ChangeLog

2006-07-31 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
 
 

Search
      

Mailinglist
    
 

Microsoft Windows Vista "WRITE_ANDX" Denial of Service Vulnerability

Microsoft Office OneNote URL Code Execution (MS08-055)

Microsoft GDI+ Multiple Code Execution Vulnerabilities (MS08-052)

Microsoft Visual Studio "Msmask32" Code Execution Vulnerability

Microsoft PowerPoint Command Execution Vulnerabilities (MS08-051)

Microsoft Windows Messenger Data Disclosure (MS08-050)

Microsoft Windows Event System Code Execution (MS08-049)

IBM Lotus Quickr Denial of Service and Security Bypass Vulnerabilities

IBM Tivoli Netcool/Webtop Multiple Security Bypass Vulnerabilities

IBM WebSphere Application Server Security Exposure Vulnerabilities

IBM DB2 Universal Database Multiple Denial of Service

IBM AIX "swcons" Insecure Permission Privilege Escalation Vulnerability

IBM WebSphere Application Server Cross Site Scripting Vulnerability

IBM DB2 CLR Stored Procedures Unspecified Vulnerability

Mozilla Products Code Execution and Security Bypass Vulnerabilities

Mozilla Firefox for Mac OS X GIF Rendering Code Execution Vulnerability

Mozilla Products Remote Code Execution and Security Bypass Issues

Mozilla Products Code Execution and Injection Vulnerabilities

Mozilla JavaScript Garbage Collector Code Execution Vulnerability

Mozilla Thunderbird Code Execution and Cross Site Scripting Issues

Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues

Copyright 2003-2008 © FrSIRT.COM - Privacy Policy