Home page logo
/

bugtraq logo Bugtraq mailing list archives

[ESA-20010620-02] apache directory listing vulnerability
From: EnGarde Secure Linux <security () guardiandigital com>
Date: Thu, 21 Jun 2001 17:08:35 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


+------------------------------------------------------------------------+
| EnGarde Secure Linux Security Advisory                   June 20, 2001 |
| http://www.engardelinux.org/                           ESA-20010620-02 |
|                                                                        |
| Package:  apache                                                       |
| Summary:  An attacker can bypass index files and retrieve a directory  |
|           listing.                                                     |
+------------------------------------------------------------------------+

  EnGarde Secure Linux is a secure distribution of Linux that features
  improved access control, host and network intrusion detection, Web
  based secure remote management, complete e-commerce using AllCommerce,
  and integrated open source security tools.


OVERVIEW
- --------
  There is a vulnerability in apache by which an attacker can get a
  directory listing even when an index file (such as index.html) is
  present.


DETAIL
- ------
  By sending apache a very long path containing slashes, an attacker can
  trick mod_negotiation and mod_dir/mod_autoindex into displaying a
  directory listing.  This was fixed in apache version 1.3.18 (which was
  an internal release not made available to the public).  This updated
  package will now return a 403 (FORBIDDEN) when such a request is made.


SOLUTION
- --------
  All users should upgrade to the most recent version, as outlined in
  this advisory.  All updates can be found at:

    ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
    http://ftp.engardelinux.org/pub/engarde/stable/updates/
    http://ftp.ibiblio.org/pub/linux/distributions/engarde/stable/updates/

  Before upgrading the package, the machine must either:

    a) be booted into a "standard" kernel; or
    b) have LIDS disabled.

  To disable LIDS, execute the command:

    # /sbin/lidsadm -S -- -LIDS_GLOBAL

  To install the updated package, execute the command:

    # rpm -Uvh <filename>

  Once the updated package is installed, you need to restart it:

    # /etc/init.d/httpd restart

  To re-enable LIDS (if it was disabled), execute the command:

    # /sbin/lidsadm -S -- +LIDS_GLOBAL

  To verify the signature of the updated packages, execute the command:

    # rpm -Kv <filename>


UPDATED PACKAGES
- ----------------
  These updated packages are for EnGarde Secure Linux 1.0.1 (Finestra).

  Source Packages:

    SRPMS/apache-1.3.20-1.0.25.src.rpm
      MD5 Sum:  23e58c358deef336067d165b51ed7b3d

  Binary Packages:

    i386/apache-1.3.20-1.0.25.i386.rpm
      MD5 Sum:  084e9b7630af62f540e539e7a66af559

    i686/apache-1.3.20-1.0.25.i686.rpm
      MD5 Sum:  aab4dc51aca297660eee675a56fc506b


REFERENCES
- ----------
  Guardian Digital's public key:
    http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY

  Credit for the discovery of this bug goes to:
    Martin Kraemer

  Apache's Official Web Site:
    http://httpd.apache.org/

  Apache's Changelog:
    http://httpd.apache.org/dist/httpd/CHANGES_1.3


- --------------------------------------------------------------------------
$Id: ESA-20010620-02-apache,v 1.3 2001/06/20 18:51:29 rwm Exp $
- --------------------------------------------------------------------------
Author: Ryan W. Maple, <ryan () guardiandigital com> 
Copyright 2001, Guardian Digital, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7MmJZHD5cqd57fu0RAm+hAJ41UiSJyHXoD1M0nzHi+M050ejezACgnWQj
xsg34aiQ4P/NzAw7P0xZDh8=
=d1NS
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
  • [ESA-20010620-02] apache directory listing vulnerability EnGarde Secure Linux (Jun 22)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]