Bug 887765 - (CVE-2014-0226) VUL-0: CVE-2014-0226: apache2: mod_status heap-based buffer overflow
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Major
Assigned To: Roman Drahtmueller
Security Team bot
https://smash.suse.de/issue/103729/
maint:released:sle11-sp1:58333 maint:...
Reported: 2014-07-17 13:39 UTC by Victor Pereira
Modified: 2014-09-02 14:08 UTC

Found By: Security Response Team


Attachments
patch against SLES11 apache (3.80 KB, patch)
2014-07-21 11:07 UTC, Roman Drahtmueller

Description Victor Pereira 2014-07-17 13:39:16 UTC
CVE-2014-0226

This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Apache HTTPD server. Authentication is not required
to exploit this vulnerability.

The specific flaw exists within the updating of mod_status.  A race condition in
mod_status allows an attacker to disclose information or corrupt memory with
several requests to endpoints with handler server-status and other endpoints.  
By abusing this flaw, an attacker can possibly disclose credentials or leverage
this situation to achieve remote code execution.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1120603
http://httpd.apache.org/security/vulnerabilities_24.html
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0226
http://www.zerodayinitiative.com/advisories/ZDI-14-236/
Comment 1 Swamp Workflow Management 2014-07-17 15:00:42 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2014-07-24.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/58331
Comment 2 SMASH SMASH 2014-07-17 15:05:16 UTC
Affected packages:

SLE-10-SP3-TERADATA: apache2
SLE-11-SP3: apache2
Comment 13 Roman Drahtmueller 2014-07-18 12:37:21 UTC
The 2.2 code is different in that the 2.2.12 code does not even have the
ap_get_scoreboard_worker_from_indexes() function.
I'm trying to determine if the race is similarly present in the 2.2 code.
Comment 14 Swamp Workflow Management 2014-07-18 22:00:29 UTC
bugbot adjusting priority
Comment 16 Roman Drahtmueller 2014-07-21 11:07:47 UTC
Created attachment 599270 [details]
patch against SLES11 apache

affirmative. 

Official (upstream) changeset is: http://svn.apache.org/r1610499
Comment 18 Bernhard Wiedemann 2014-07-25 16:00:33 UTC
This is an autogenerated message for OBS integration:
This bug (887765) was mentioned in
https://build.opensuse.org/request/show/242399 Evergreen:11.4 / apache2.openSUSE_Evergreen_11.4
Comment 25 Swamp Workflow Management 2014-08-06 23:05:03 UTC
SUSE-SU-2014:0967-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 859916,869105,869106,887765,887768
CVE References: CVE-2013-6438,CVE-2014-0098,CVE-2014-0226,CVE-2014-0231
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    apache2-2.2.12-1.46.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    apache2-2.2.12-1.46.1
SUSE Linux Enterprise Server 11 SP3 (src):    apache2-2.2.12-1.46.1
Comment 26 Swamp Workflow Management 2014-08-07 21:05:12 UTC
openSUSE-SU-2014:0969-1: An update that solves 5 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 859916,869105,869106,871309,887765,887768
CVE References: CVE-2013-5705,CVE-2013-6438,CVE-2014-0098,CVE-2014-0226,CVE-2014-0231
Sources used:
openSUSE 11.4 (src):    apache2-2.2.17-80.1, apache2-mod_security2-2.7.5-16.1
Comment 27 Swamp Workflow Management 2014-08-19 14:12:00 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2014-08-26.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/58625
Comment 28 Swamp Workflow Management 2014-08-20 17:07:30 UTC
openSUSE-SU-2014:1044-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 869105,869106,887765,887767,887768,887771
CVE References: CVE-2013-4352,CVE-2013-6438,CVE-2014-0098,CVE-2014-0117,CVE-2014-0226,CVE-2014-0231
Sources used:
openSUSE 13.1 (src):    apache2-2.4.6-6.27.1
Comment 29 Swamp Workflow Management 2014-08-20 17:08:35 UTC
openSUSE-SU-2014:1045-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 869105,869106,887765,887768
CVE References: CVE-2013-6438,CVE-2014-0098,CVE-2014-0226,CVE-2014-0231
Sources used:
openSUSE 12.3 (src):    apache2-2.2.22-10.12.1
Comment 30 Marcus Meissner 2014-09-02 12:00:35 UTC
was released today