Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.

s700_800 11.X OV ITO7.1X Comm Agt Windows A.07.17 : 

A potential security vulnerability has been identified in HP OpenView Operations. This potential vulnerability could be exploited remotely to allow unauthorized access or to create a Denial of Service (DoS).

s700_800 11.X OV ITO7.1X Comm Agt Tru64 A.07.17 : 

A potential security vulnerability has been identified in HP OpenView Operations. This potential vulnerability could be exploited remotely to allow unauthorized access or to create a Denial of Service (DoS).

s700_800 11.X OV ITO7.1X Comm Agt Solaris A.07.17 : 

A potential security vulnerability has been identified in HP OpenView Operations. This potential vulnerability could be exploited remotely to allow unauthorized access or to create a Denial of Service (DoS).

s700_800 11.X OV ITO7.1X Comm Agt HP-UX 11 IA A.07.17 : 

A potential security vulnerability has been identified in HP OpenView Operations. This potential vulnerability could be exploited remotely to allow unauthorized access or to create a Denial of Service (DoS).

s700_800 11.X OV ITO7.1X Comm Agt AIX A.07.17 : 

A potential security vulnerability has been identified in HP OpenView Operations. This potential vulnerability could be exploited remotely to allow unauthorized access or to create a Denial of Service (DoS).

s700_800 11.X OV ITO7.1X Comm Agt HPUX 11 PA A.07.16 : 

A potential security vulnerability has been identified in HP OpenView Operations. This potential vulnerability could be exploited remotely to allow unauthorized access or to create a Denial of Service (DoS).

s700_800 11.X OV ITO7.1X Comm Agt Linux A.07.16 : 

A potential security vulnerability has been identified in HP OpenView Operations. This potential vulnerability could be exploited remotely to allow unauthorized access or to create a Denial of Service (DoS).

Mark Litchfield found a denial of service attack in the Apache web-server. While investigating the problem the Apache Software Foundation discovered that the code for handling invalid requests which use chunked encoding also might allow arbitrary code execution.

Mark Litchfield found a denial of service attack in the Apache web-server. While investigating the problem the Apache Software Foundation discovered that the code for handling invalid requests which use chunked encoding also might allow arbitrary code execution on 64 bit architectures.

[ Please note that this advisory supersedes the previous MDKSA-2002:039 and MDKSA-2002:039-1 advisories. ]

MandrakeSoft is urging all users of Mandrake Linux to update their Apache installations immediately. What was previously thought to have been a DoS-only condition has now been proven to be more than that;
exploitable conditions have been discovered on both 32bit and 64bit platforms. Successful exploitation of this vulnerability may lead to the execution of arbitary code on the server running a vulnerable Apache with the permissions of the web server child process (on Mandrake Linux this is the user 'apache'). This can be used to exploit other vulnerabilities that are unrelated to Apache on the local system, and potentially allow the intruder root access.

Thanks to Gobbles for proving that this exploitable condition exists.
Because there are known exploits in the wild for some platforms, this update should be considered essential and should be performed immediately.

All versions of Apache prior to 1.3.26 and 2.0.37 are vulnerable to this problem. MandrakeSoft has provided patched versions of Apache to correct this vulnerability.

Also please note that these packages are no different than those provided in MDKSA-2002:039-1 so if you have already updated, there are no new packages to upgrade.

The remote host is running a version of Apache which is vulnerable to a chunked encoding vulnerability. An attacker may use this flaw to gain a shell on this host.

The Apache Web server contains a security vulnerability which can be used to launch a denial of service (DoS) attack or, in some cases, allow remote code execution.

Versions of the Apache Web server up to and including 1.3.24 contain a bug in the routines which deal with requests using 'chunked' encoding.
A carefully crafted invalid request can cause an Apache child process to call the memcpy() function in a way that will write past the end of its buffer, corrupting the stack. On some platforms this can be remotely exploited -- allowing arbitrary code to be run on the server.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2002-0392 to this issue.

All users of Apache should update to these errata packages to correct this security issue.

The remote Apache web server is affected by the Apache web server chunk handling vulnerability. 

If safe checks are enabled, this may be a false positive since it is based on the version of Apache. Although unpatched Apache versions 1.2.2 and above, 1.3 through 1.3.24, and 2.0 through 2.0.36 are affected, the remote server may be running a patched version of Apache.

ID	Name	Product	Family	Severity
22441	HP-UX PHSS_33280 : HP OpenView Operations, Remote Unauthorized Access and Denial of Service (DoS) (HPSBMA02149 SSRT050968 rev.1)	Nessus	HP-UX Local Security Checks	high
22440	HP-UX PHSS_33257 : HP OpenView Operations, Remote Unauthorized Access and Denial of Service (DoS) (HPSBMA02149 SSRT050968 rev.1)	Nessus	HP-UX Local Security Checks	high
22439	HP-UX PHSS_33256 : HP OpenView Operations, Remote Unauthorized Access and Denial of Service (DoS) (HPSBMA02149 SSRT050968 rev.1)	Nessus	HP-UX Local Security Checks	high
22438	HP-UX PHSS_33253 : HP OpenView Operations, Remote Unauthorized Access and Denial of Service (DoS) (HPSBMA02149 SSRT050968 rev.1)	Nessus	HP-UX Local Security Checks	high
22437	HP-UX PHSS_33252 : HP OpenView Operations, Remote Unauthorized Access and Denial of Service (DoS) (HPSBMA02149 SSRT050968 rev.1)	Nessus	HP-UX Local Security Checks	high
22436	HP-UX PHSS_32423 : HP OpenView Operations, Remote Unauthorized Access and Denial of Service (DoS) (HPSBMA02149 SSRT050968 rev.1)	Nessus	HP-UX Local Security Checks	high
22435	HP-UX PHSS_32380 : HP OpenView Operations, Remote Unauthorized Access and Denial of Service (DoS) (HPSBMA02149 SSRT050968 rev.1)	Nessus	HP-UX Local Security Checks	high
14970	Debian DSA-133-1 : apache-perl - remote DoS / exploit	Nessus	Debian Local Security Checks	high
14969	Debian DSA-132-1 : apache-ssl - remote DoS / exploit	Nessus	Debian Local Security Checks	high
14968	Debian DSA-131-1 : apache - remote DoS / exploit	Nessus	Debian Local Security Checks	high
14778	Mandrake Linux Security Advisory : apache (MDKSA-2002:039-2)	Nessus	Mandriva Local Security Checks	high
1495	Apache Chunked Encoding Remote Overflow / DoS	Nessus Network Monitor	Web Servers	high
12305	RHEL 2.1 : apache (RHSA-2002:126)	Nessus	Red Hat Local Security Checks	high
11030	Apache Chunked Encoding Remote Overflow	Nessus	Web Servers	high

Detections

Analytics

CVE-2002-0392

critical

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high

high

high