FreeBSD : apache -- Prevent chunk-size integer overflow on platforms where sizeof(int) < sizeof(long) (cae01d7b-110d-11df-955a-00219b0fc4d8)

high Nessus Plugin ID 44390

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Apache ChangeLog reports:

Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.

Solution

Update the affected packages.

See Also

https://nvd.nist.gov/vuln/detail/CVE-2010-0010

http://www.security-database.com/detail.php?alert=CVE-2010-0010

https://security-tracker.debian.org/tracker/CVE-2010-0010

https://www.ovh.co.uk/mail/

http://www.nessus.org/u?967e9e0d

Plugin Details

Severity: High

ID: 44390

File Name: freebsd_pkg_cae01d7b110d11df955a00219b0fc4d8.nasl

Version: 1.14

Type: local

Published: 2/4/2010

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:apache, p-cpe:/a:freebsd:freebsd:apache%2bipv6, p-cpe:/a:freebsd:freebsd:apache%2bmod_perl, p-cpe:/a:freebsd:freebsd:apache%2bmod_ssl, p-cpe:/a:freebsd:freebsd:apache%2bmod_ssl%2bipv6, p-cpe:/a:freebsd:freebsd:apache%2bmod_ssl%2bmod_accel, p-cpe:/a:freebsd:freebsd:apache%2bmod_ssl%2bmod_accel%2bipv6, p-cpe:/a:freebsd:freebsd:apache%2bmod_ssl%2bmod_accel%2bmod_deflate, p-cpe:/a:freebsd:freebsd:apache%2bmod_ssl%2bmod_accel%2bmod_deflate%2bipv6, p-cpe:/a:freebsd:freebsd:apache%2bmod_ssl%2bmod_deflate, p-cpe:/a:freebsd:freebsd:apache%2bmod_ssl%2bmod_deflate%2bipv6, p-cpe:/a:freebsd:freebsd:apache%2bmod_ssl%2bmod_snmp, p-cpe:/a:freebsd:freebsd:apache%2bmod_ssl%2bmod_snmp%2bmod_accel, p-cpe:/a:freebsd:freebsd:apache%2bmod_ssl%2bmod_snmp%2bmod_accel%2bipv6, p-cpe:/a:freebsd:freebsd:apache%2bmod_ssl%2bmod_snmp%2bmod_accel%2bmod_deflate%2bipv6, p-cpe:/a:freebsd:freebsd:apache%2bmod_ssl%2bmod_snmp%2bmod_deflate, p-cpe:/a:freebsd:freebsd:apache%2bmod_ssl%2bmod_snmp%2bmod_deflate%2bipv6, p-cpe:/a:freebsd:freebsd:apache%2bssl, p-cpe:/a:freebsd:freebsd:apache_fp, p-cpe:/a:freebsd:freebsd:ru-apache, p-cpe:/a:freebsd:freebsd:ru-apache%2bmod_ssl, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2/3/2010

Vulnerability Publication Date: 6/30/2009