Mandrake Linux Security Advisory : apache (MDKSA-2003:103)
Critical Nessus Plugin ID 14085
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionA buffer overflow in mod_alias and mod_rewrite was discovered in Apache versions 1.3.19 and earlier as well as Apache 2.0.47 and earlier. This happens when a regular expression with more than 9 captures is confined. An attacker would have to create a carefully crafted configuration file (.htaccess or httpd.conf) in order to exploit these problems.
As well, another buffer overflow in Apache 2.0.47 and earlier in mod_cgid's mishandling of CGI redirect paths could result in CGI output going to the wrong client when a threaded MPM is used.
Apache version 2.0.48 and 1.3.29 were released upstream to correct these bugs; backported patches have been applied to the provided packages.
SolutionUpdate the affected packages.