Oracle Solaris Third-Party Patch Update : apache (cve_2011_3607_buffer_overflow)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Solaris system is missing a security patch for third-party
software.

Description :

The remote Solaris system is missing the patches that address the
following security issues :

- Integer overflow in the ap_pregsub function in
server/util.c in the Apache HTTP Server 2.0.x through
2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif
module is enabled, allows local users to gain privileges
via a .htaccess file with a crafted SetEnvIf directive,
in conjunction with a crafted HTTP request header,
leading to a heap-based buffer overflow. (CVE-2011-3607)

- The mod_proxy module in the Apache HTTP Server 2.0.x
through 2.0.64, and 2.2.x through 2.2.21, when the
Revision 1179239 patch is in place, does not properly
interact with use of (1) RewriteRule and (2)
ProxyPassMatch pattern matches for configuration of a
reverse proxy, which allows remote attackers to send
requests to intranet servers via a malformed URI
containing an @ (at sign) character and a : (colon)
character in invalid positions. NOTE: this vulnerability
exists because of an incomplete fix for CVE-2011-3368.
(CVE-2011-4317)

- scoreboard.c in the Apache HTTP Server 2.2.21 and
earlier might allow local users to cause a denial of
service (daemon crash during shutdown) or possibly have
unspecified other impact by modifying a certain type
field within a scoreboard shared memory segment, leading
to an invalid call to the free function. (CVE-2012-0031)

- protocol.c in the Apache HTTP Server 2.2.x through
2.2.21 does not properly restrict header information
during construction of Bad Request (aka 400) error
documents, which allows remote attackers to obtain the
values of HTTPOnly cookies via vectors involving a (1)
long or (2) malformed header in conjunction with crafted
web script. (CVE-2012-0053)

See also :

http://www.nessus.org/u?b5f8def1
http://www.nessus.org/u?4ab21207
http://www.nessus.org/u?c725688c
http://www.nessus.org/u?0d9515f8
http://www.nessus.org/u?c7319917

Solution :

Upgrade to Solaris 11/11 SRU 6.6.

Risk factor :

Medium / CVSS Base Score : 4.6
(CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P)

Family: Solaris Local Security Checks

Nessus Plugin ID: 80582

CVE ID: CVE-2011-3607
CVE-2011-4317
CVE-2012-0031
CVE-2012-0053
