[Full-disclosure] [USN-731-1] Apache vulnerabilities

Marc Deslauriers marc.deslauriers at canonical.com
Tue Mar 10 16:54:06 GMT 2009 

===========================================================
Ubuntu Security Notice USN-731-1             March 10, 2009
apache2 vulnerabilities
CVE-2007-6203, CVE-2007-6420, CVE-2008-1678, CVE-2008-2168,
CVE-2008-2364, CVE-2008-2939
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  apache2-common                  2.0.55-4ubuntu2.4
  apache2-mpm-perchild            2.0.55-4ubuntu2.4
  apache2-mpm-prefork             2.0.55-4ubuntu2.4
  apache2-mpm-worker              2.0.55-4ubuntu2.4

Ubuntu 7.10:
  apache2-mpm-event               2.2.4-3ubuntu0.2
  apache2-mpm-perchild            2.2.4-3ubuntu0.2
  apache2-mpm-prefork             2.2.4-3ubuntu0.2
  apache2-mpm-worker              2.2.4-3ubuntu0.2
  apache2.2-common                2.2.4-3ubuntu0.2

Ubuntu 8.04 LTS:
  apache2-mpm-event               2.2.8-1ubuntu0.4
  apache2-mpm-perchild            2.2.8-1ubuntu0.4
  apache2-mpm-prefork             2.2.8-1ubuntu0.4
  apache2-mpm-worker              2.2.8-1ubuntu0.4
  apache2.2-common                2.2.8-1ubuntu0.4

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that Apache did not sanitize the method specifier header from
an HTTP request when it is returned in an error message, which could result in
browsers becoming vulnerable to cross-site scripting attacks when processing the
output. With cross-site scripting vulnerabilities, if a user were tricked into
viewing server output during a crafted server request, a remote attacker could
exploit this to modify the contents, or steal confidential data (such as
passwords), within the same domain. This issue only affected Ubuntu 6.06 LTS and
7.10. (CVE-2007-6203)

It was discovered that Apache was vulnerable to a cross-site request forgery
(CSRF) in the mod_proxy_balancer balancer manager. If an Apache administrator
were tricked into clicking a link on a specially crafted web page, an attacker
could trigger commands that could modify the balancer manager configuration

Full-Disclosure is hosted and sponsored by Secunia.