Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2006-3747: off-by-one security problem in mod_rewrite

Related Vulnerabilities: CVE-2006-3747   CVE-2006-3918  

Source

Debian Bug report logs - #380182
CVE-2006-3747: off-by-one security problem in mod_rewrite

version graph

Package: apache2; Maintainer for apache2 is Debian Apache Maintainers <debian-apache@lists.debian.org>; Source for apache2 is src:apache2 (PTS, buildd, popcon).

Reported by: sf@sfritsch.de

Date: Fri, 28 Jul 2006 08:48:01 UTC

Severity: grave

Tags: patch, security

Found in version apache2/2.0.55-4

Done: Tollef Fog Heen <tfheen@vawad.err.no>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Debian Apache Maintainers <debian-apache@lists.debian.org>:
Bug#380182; Package apache2. (full text, mbox, link).

Acknowledgement sent to sf@sfritsch.de:
New Bug report received and forwarded. Copy sent to Debian Apache Maintainers <debian-apache@lists.debian.org>. (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: sf@sfritsch.de
To: submit@bugs.debian.org
Subject: CVE-2006-3747: off-by-one security problem in mod_rewrite
Date: Fri, 28 Jul 2006 10:04:04 +0200 (CEST)
package: apache2
version: 2.0.55-4
severity: grave
tags: security patch

SECURITY: CVE-2006-3747
mod_rewrite: Fix an off-by-one security problem in the ldap scheme
handling.  For some RewriteRules this could lead to a pointer being
written out of bounds.  Reported by Mark Dowd of McAfee.

patch is at
http://svn.apache.org/viewvc/httpd/httpd/tags/2.0.59/modules/mappers/mod_rewrite.c?view=log

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Apache Maintainers <debian-apache@lists.debian.org>:
Bug#380182; Package apache2. (full text, mbox, link).

Acknowledgement sent to Steve Kemp <skx@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Apache Maintainers <debian-apache@lists.debian.org>. (full text, mbox, link).

Message #10 received at 380182@bugs.debian.org (full text, mbox, reply):

From: Steve Kemp <skx@debian.org>
To: 380182@bugs.debian.org
Cc: sf@sfritsch.de
Subject: Confirmed
Date: Fri, 28 Jul 2006 15:05:24 +0100
  A security advisory is pending.

  This bug applies to both the apache and apache2 packages.  Same 
 fix in both packages, but in different locations...

Steve
--

Tags added: fixed Request was from Steve Kemp <skx@debian.org> to control@bugs.debian.org. (full text, mbox, link).

Tags removed: fixed Request was from Tollef Fog Heen <tfheen@vawad.err.no> to control@bugs.debian.org. (full text, mbox, link).

Reply sent to Tollef Fog Heen <tfheen@vawad.err.no>:
You have taken responsibility. (full text, mbox, link).

Notification sent to sf@sfritsch.de:
Bug acknowledged by developer. (full text, mbox, link).

Message #19 received at 380182-done@bugs.debian.org (full text, mbox, reply):

From: Tollef Fog Heen <tfheen@vawad.err.no>
To: 299855-done@bugs.debian.org, 349416-done@bugs.debian.org, 374160-done@bugs.debian.org, 380182-done@bugs.debian.org, 381376-done@bugs.debian.org, control@bugs.debian.org
Subject: Fixed in NMU
Date: Fri, 06 Oct 2006 18:44:50 +0200
tag 299855 - fixed
tag 349416 - fixed
tag 374160 - fixed
tag 380182 - fixed
tag 381376 - fixed
thanks

Those are fixed in an NMU which was accepted by the maintainer, so closing properly.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 5 Aug 2006 21:35:53 +0000
Source: apache2
Binary: apache2-utils apache2 apache2-prefork-dev apache2-mpm-prefork apache2-doc libapr0-dev apache2-mpm-worker libapr0 apache2-threaded-dev apache2-common apache2-mpm-perchild
Architecture: source i386 all
Version: 2.0.55-4.1
Distribution: unstable
Urgency: high
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Steve Kemp <skx@debian.org>
Description: 
 apache2    - next generation, scalable, extendable web server
 apache2-common - next generation, scalable, extendable web server
 apache2-doc - documentation for apache2
 apache2-mpm-perchild - experimental high speed perchild threaded model for Apache2
 apache2-mpm-prefork - traditional model for Apache2
 apache2-mpm-worker - high speed threaded model for Apache2
 apache2-prefork-dev - development headers for apache2
 apache2-threaded-dev - development headers for apache2
 apache2-utils - utility programs for webservers
 libapr0    - the Apache Portable Runtime
 libapr0-dev - development headers for libapr
Closes: 299855 349416 374160 380182 381376
Changes: 
 apache2 (2.0.55-4.1) unstable; urgency=high
 .
   * Non-maintainer upload.  Urgency set to high due to security fixes.
   * Added '052_mod_rewrite_CVE-2006-3747' to fix the off-by-one bug in
     mod_rewrite.
     [CVE-2006-3747].  (Closes: #380182)
   * Added '053_restore_prefix_fix' to allow rebuilding from source.
     (Closes: #374160)
   * Added '054_apr_sendfile' to allow building for Hurd.
     (Closes: #349416)
   * Added '055_expect_CVE-2006-3918' to fix XSS attack in Expect headers.
     [CVE-2006-3918].  (Closes: #381376)
   * Added bash-completion script from Guillaume Rousse.
     (Closes: #299855)
Files: 
 223b02dffbc296dcf0855cae7d6f6859 1134 net optional apache2_2.0.55-4.1.dsc
 34cac9f7ea8697a56ee130560f687af9 116470 net optional apache2_2.0.55-4.1.diff.gz
 40c4f5ddc6e647fcc8abe4804903ead6 2123872 doc optional apache2-doc_2.0.55-4.1_all.deb
 681dff30e6b08474e6d9b49fcaa7c568 807452 net optional apache2-common_2.0.55-4.1_i386.deb
 ab6615b417ed4affe66389bbce800fe5 93222 net optional apache2-utils_2.0.55-4.1_i386.deb
 2a48688e3b47de8c7a0a6185d608fbcb 211658 net optional apache2-mpm-worker_2.0.55-4.1_i386.deb
 fdd54801157e6bd36ba68c77244596bf 212042 net optional apache2-mpm-perchild_2.0.55-4.1_i386.deb
 513ca07e0b20fb6c01c8b7694e633c10 208356 net optional apache2-mpm-prefork_2.0.55-4.1_i386.deb
 51aa0db7789049d0235a76847f9bae4d 170694 devel optional apache2-prefork-dev_2.0.55-4.1_i386.deb
 101040cfbdab20d7905c4b2715dc145c 171446 devel optional apache2-threaded-dev_2.0.55-4.1_i386.deb
 8903bed1cae49fd6cbdbb257529e3bf5 137450 net optional libapr0_2.0.55-4.1_i386.deb
 f52a39811ae1212260eb2f2011135291 266536 libdevel optional libapr0-dev_2.0.55-4.1_i386.deb
 83ef811301c7bfe380ae939a3a73cf72 35604 web optional apache2_2.0.55-4.1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFE1RIKwM/Gs81MDZ0RAm6OAJ989piJWwpIaxKGfohSvyaxI0KsfwCeLThA
k8Ldo9vjUYbm86AnH4D2Doo=
=+WoX
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 19 Jun 2007 03:28:52 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:34:50 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started