Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[USN-80-1] mod_python vulnerability
From: Martin Pitt <martin.pitt () canonical com>
Date: Fri, 11 Feb 2005 10:41:39 +0100

===========================================================
Ubuntu Security Notice USN-80-1           February 11, 2005
libapache2-mod-python vulnerabilities
CAN-2005-0088
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

libapache2-mod-python2.2
libapache2-mod-python2.3

The problem can be corrected by upgrading the affected package to
version 3.1.3-1ubuntu3.2.  After a standard system upgrade you need to
restart the Apache 2 web server using

  sudo /etc/init.d/apache2 restart

to effect the necessary changes.

Details follow:

Graham Dumpleton discovered an information disclosure in the
"publisher" handle of mod_python. By requesting a carefully crafted
URL for a published module page, anybody can obtain extra information
about internal variables, objects, and other information which is not
intended to be visible.

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python_3.1.3-1ubuntu3.2.diff.gz
      Size/MD5:    24067 485183927dd680eedb351cedbd0bb882
    http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python_3.1.3-1ubuntu3.2.dsc
      Size/MD5:      806 3b141dd6a13c2abc0c1780ff8d9c34aa
    http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python_3.1.3.orig.tar.gz
      Size/MD5:   293548 2e1983e35edd428f308b0dfeb1c23bfe

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python-doc_3.1.3-1ubuntu3.2_all.deb
      Size/MD5:   100700 6890472b77b13191bf5106123bbebc6c
    
http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python_3.1.3-1ubuntu3.2_all.deb
      Size/MD5:    12462 b48ab5f2c09c47bfe0c7c02243766c4f

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/universe/liba/libapache2-mod-python/libapache2-mod-python2.2_3.1.3-1ubuntu3.2_amd64.deb
      Size/MD5:    87564 e331d0cbb7aacadc64ef44d41d326587
    
http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python2.3_3.1.3-1ubuntu3.2_amd64.deb
      Size/MD5:    87650 0dcbdb227cae1b4721c4b8e0454b4ea6

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/universe/liba/libapache2-mod-python/libapache2-mod-python2.2_3.1.3-1ubuntu3.2_i386.deb
      Size/MD5:    80502 003d29054ae210f2f81826bac8de7856
    
http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python2.3_3.1.3-1ubuntu3.2_i386.deb
      Size/MD5:    80538 1813380c5c39583e9311e117f2823aca

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/universe/liba/libapache2-mod-python/libapache2-mod-python2.2_3.1.3-1ubuntu3.2_powerpc.deb
      Size/MD5:    85218 d56d5f3a5cda43096dda9d1d7fc3fc0b
    
http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python2.3_3.1.3-1ubuntu3.2_powerpc.deb
      Size/MD5:    85350 9df8b87f95570137d2402818a252b38d

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
  • [USN-80-1] mod_python vulnerability Martin Pitt (Feb 11)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault