Apache mod_rewrite模块单字节缓冲区溢出漏洞

洞描述
Apache是一款开放源代码WEB服务程序。

Apache的mod_rewrite模块在转义绝对URI主题时存在单字节缓冲区溢出漏洞，攻击者可能利用此漏洞在服务器上执行任意指令。

mod_rewrite模块的escape_absolute_uri()函数分离LDAP URL中的令牌时，会导致在字符指针数组以外写入指向用户控制数据的指针，这样就可能完全控制受影响的主机。

<*来源：Mark Dowd

链接：http://secunia.com/advisories/21197/print/
http://www.apache.org/dist/httpd/Announcement1.3.html
http://www.apache.org/dist/httpd/Announcement2.0.html
http://www.apache.org/dist/httpd/Announcement2.2.html
http://www.kb.cert.org/vuls/id/395412
ftp://patches.sgi.com/support/free/security/advisories/20060702-01-I.asc
http://www.debian.org/security/2006/dsa-1132
http://www.debian.org/security/2006/dsa-1131
http://security.gentoo.org/glsa/glsa-200608-01.xml
*>

 

解决方法

以下是各Linux/Unix发行版系统针对此漏洞发布的安全公告，可以参考对应系统的安全公告修复该漏洞:

Ubuntu
----------------
USN-328-1: [USN-328-1] Apache vulnerability
链接: https://www.ubuntu.com/usn/usn-328-1

Gentoo
----------------
GLSA-200608-01: Apache: Off-by-one flaw in mod_rewrite
链接: https://security.gentoo.org/glsa/200608-01

FreeBSD
----------------
dc8c08c7-1e7c-11db-88cf-000c6ec775d9: apache -- mod_rewrite buffer overflow vulnerability
链接: http://vuxml.freebsd.org/freebsd/dc8c08c7-1e7c-11db-88cf-000c6ec775d9.html

Slackware
----------------
SSA:2006-209-01: [slackware-security] Apache httpd (SSA:2006-209-01)
链接: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.610131

openSUSE
----------------
SUSE-SA:2006:043: SUSE Security Announcement: apache,apache2 mod_rewrite problem (SUSE-SA:2006:043)
链接: https://lists.opensuse.org/opensuse-security-announce/2006-07/msg00019.html

Debian
----------------
DSA-1132: DSA-1132-1 apache2 -- buffer overflow
链接: https://www.debian.org/security/2006/dsa-1132
DSA-1131: DSA-1131-1 apache -- buffer overflow
链接: https://www.debian.org/security/2006/dsa-1131