Updated: February 21, 2005
Affected
The Apache Software Foundation and The Apache HTTP Server Project are pleased to announce the release of versions 3.1.4 and 2.7.11 of mod_python.

This release addresses a vulnerability in mod_python's publisher handler whereby a carefully crafted URL would expose objects that should not be visible, leading to an information leak. The Common Vulnerabilities and Exposures project (http://cve.mitre.org/) has assigned the name CAN-2005-0088 to this issue.

Users of the publisher handler are urged to upgrade as soon as possible. There are no other changes or improvements from the previous version in this release.

At this point the new version is only available as a source code archive. Users of mod_python on Win32 platform can update their installation by simply replacing the publisher.py file with the latest version from the source code archive.

Mod_python is available for download from:
http://httpd.apache.org/modules/python-download.cgi

For more information about mod_python visit http://www.modpython.org/

Regards,
Grisha Trubetskoy
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Updated: February 21, 2005
Affected
Fedora Update Notification
FEDORA-2005-140
2005-02-10

Product : Fedora Core 3
Name : mod_python
Version : 3.1.3
Release : 5.2
Summary : An embedded Python interpreter for the Apache Web server.

Description :
Mod_python is a module that embeds the Python language interpreter within
the server, allowing Apache handlers to be written in Python.

Mod_python brings together the versatility of Python and the power of
the Apache Web server for a considerable boost in flexibility and
performance over the traditional CGI approach.

Update Information:
Graham Dumpleton discovered a flaw affecting the publisher handler of
mod_python, used to make objects inside modules callable via URL. A remote
user could visit a carefully crafted URL that would gain access to
objects that should not be visible, leading to an information leak. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-0088 to this issue.

This update includes a patch which fixes this issue.

* Mon Jan 31 2005 Joe Orton
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Updated: February 21, 2005
Affected
Gentoo Linux Security Advisory GLSA 200502-14
http://security.gentoo.org/

Severity: Low
Title: mod_python: Publisher Handler vulnerability
Date: February 13, 2005
Bugs: #80109
ID: 200502-14

Synopsis

mod_python contains a vulnerability in the Publisher Handler potentially leading to information disclosure.

Background

mod_python is an Apache module that embeds the Python interpreter within the server allowing Python-based web-applications to be created.

Affected packages

     Package                 /  Vulnerable  /  Unaffected
  1  dev-python/mod_python      < 3.1.3-r1     >= 3.1.3-r1

Description

Graham Dumpleton discovered a vulnerability in mod_python's Publisher Handler.

Impact

By requesting a specially crafted URL for a published module page, an attacker could obtain information about restricted variables.

Workaround

There is no known workaround at this time.

Resolution

All mod_python users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-python/mod_python-3.1.3-r1"

References

[ 1 ] CAN-2005-0088
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0088

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200502-14.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: February 11, 2005 Updated: February 11, 2005
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Red Hat Security Advisory RHSA-2005:104-03 has details on updates and fixes.
Updated: February 21, 2005
Affected
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Trustix Secure Linux Security Advisory #2005-0003

Package name: bind clamav cpio cups mod_python perl postgresql python squid
Summary: Security fixes
Date: 2005-02-11
Affected versions: Trustix Secure Linux 1.5
Trustix Secure Linux 2.1
Trustix Secure Linux 2.2
Trustix Operating System - Enterprise Server 2

Package description:

bind:
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named),
which resolves host names to IP addresses, and a resolver library
(routines for applications to use when interfacing with DNS). A DNS
server allows clients to name resources or objects and share the
information with other network machines. The named DNS server can be
used on workstations as a caching name server, but is generally only
needed on one machine for an entire network.

clamav:
Clam AntiVirus is a GPL anti-virus toolkit for UNIX. The main purpose of this
software is the integration with mail servers (attachment scanning).
The package provides a flexible and scalable multi-threaded daemon,
a command line scanner, and a tool for automatic updating via Internet.
The programs are based on a shared library distributed with package,
which you can use with your own software.
Most importantly, the virus database is kept up to date.

cpio:
GNU cpio copies files into or out of a cpio or tar archive. Archives
are files which contain a collection of other files plus information
about them, such as their file name, owner, timestamps, and access
permissions. The archive can be another file on the disk, a magnetic
tape, or a pipe. GNU cpio supports the following archive formats: binary,
old ASCII, new ASCII, crc, HPUX binary, HPUX old ASCII, old tar and POSIX.1
tar. By default, cpio creates binary format archives, so that they are
compatible with older cpio programs. When it is extracting files from
archives, cpio automatically recognizes which kind of archive it is reading
and can read archives created on machines with a different byte-order.

cups:
The Common UNIX Printing System provides a portable printing layer for
UNIX(R) operating systems. It has been developed by Easy Software Products
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.

mod_python:
Mod_python is a module that embeds the Python language interpreter within
the server, allowing Apache handlers to be written in Python.

perl:
Perl is a high-level programming language with roots in C, sed, awk
and shell scripting. Perl is good at handling processes and files,
and is especially good at handling text. Perl's hallmarks are
practicality and efficiency. While it is used to do a lot of
different things, Perl's most common applications (and what it excels
at) are probably system administration utilities and web programming.
A large proportion of the CGI scripts on the web are written in Perl.
You need the perl package installed on your system so that your
system can handle Perl scripts.

postgresql:
PostgreSQL is an advanced Object-Relational database management system
(DBMS) that supports almost all SQL constructs (including
transactions, subselects and user-defined types and functions). The
postgresql package includes the client programs and libraries that
you'll need to access a PostgreSQL DBMS server. These PostgreSQL
client programs are programs that directly manipulate the internal
structure of PostgreSQL databases on a PostgreSQL server. These client
programs can be located on the same machine with the PostgreSQL
server, or may be on a remote machine which accesses a PostgreSQL
server over a network connection. This package contains the docs
in HTML for the whole package, as well as command-line utilities for
managing PostgreSQL databases on a PostgreSQL server.

python:
Python is an interpreted, interactive, object-oriented programming
language often compared to Tcl, Perl, Scheme or Java. Python includes
modules, classes, exceptions, very high level dynamic data types and
dynamic typing. Python supports interfaces to many system calls and
libraries.

squid:
Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single,
non-blocking, I/O-driven process. Squid keeps meta data and especially
hot objects cached in RAM, caches DNS lookups, supports non-blocking
DNS lookups, and implements negative caching of failed requests.

Problem description:

bind:
A bug in the dnssec validator can result in an internal consistency check
failing and thus causing the named to exit abnormally.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0034 to this issue.

clamav:
An attacker can crash the ClamAV daemon by sending a specially
crafted ZIP file and thus causing a DoS.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0133 to this issue.

cpio:
cpio reset the umask to 0 when writing files with the -O flag.
This left the files both readable and writeable by all.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-1999-1572 to this issue.

cups:
A buffer overflow was found in the Decrypt::makeFileKey2 function
in Decrypt.cc for xpdf 3.00 and earlier allowed remote attackers
to execute arbitrary code via a PDF file.
xpdf is not part of TSL, but a number of projects have reused this
code. Of those, cups is included in TSL.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0064 to this issue.

mod_python:
Graham Dumpleton discovered a flaw affecting the publisher handler of
mod_python, used to make objects inside modules callable via URL.
A remote user could visit a carefully crafted URL that would gain access to
objects that should not be visible, leading to an information leak.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0088 to this issue.

perl:
When executing a setuid-root perl, the file pointed to by the
PERLIO_DEBUG environment variable would be overwritten. This has now
been fixed by ignoring PERLIO_DEBUG for setuid perl scripts.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0155 to this issue.

Executing a setuid root perl script with a very long path caused a
buffer overflow if the PERLIO_DEBUG environment variable was set.
This bug could be exploited to gain root privileges.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0156 to this issue.

postgresql:
New upstream.
Fixes local privilege escalation discovered by John Heasman
Any user could use the LOAD extension to load any shared library into
the server. This could be used to execute commands as the postgresql user.

python:
From the Python advisory:
The Python development team has discovered a flaw in the
SimpleXMLRPCServer library module which can give remote attackers
access to internals of the registered object or its module or possibly
other modules. The flaw only affects Python XML-RPC servers that use
the register_instance() method to register an object without a
_dispatch() method. Servers using only register_function() are not
affected.

On vulnerable XML-RPC servers, a remote attacker may be able to view
or modify globals of the module(s) containing the registered instance's
class(es), potentially leading to data loss or arbitrary code execution.
If the registered object is a module, the danger is particularly serious.
For example, if the registered module imports the os module, an attacker
could invoke the os.system() function.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0089 to this issue.

squid:
A buffer overflow in the Gopher responses parser can be exploited
remotely in a denial of service attack.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0094 to this issue.

An integer overflow in the receiver of Web Cache Communication Protocol
messages can be exploited remotely in a denial of service attack.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0095 to this issue.

A memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7
and can be exploited remotely in a denial of service attack.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0096 to this issue.

Sending a malformed NTLM message to Squid 2.5.STABLE7 and earlier
can cause a remote denial of service attack.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0097 to this issue.

Action:
We recommend that all systems with this package installed be upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.

Location:
All Trustix Secure Linux updates are available from
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Updated: February 21, 2005
Affected
Ubuntu Security Notice USN-80-1
February 11, 2005
libapache2-mod-python vulnerabilities
CAN-2005-0088

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

libapache2-mod-python2.2
libapache2-mod-python2.3

The problem can be corrected by upgrading the affected package to version 3.1.3-1ubuntu3.2. After a standard system upgrade you need to restart the Apache 2 web server using

    sudo /etc/init.d/apache2 restart

to effect the necessary changes.

Details follow:

Graham Dumpleton discovered an information disclosure in the "publisher" handle of mod_python. By requesting a carefully crafted URL for a published module page, anybody can obtain extra information about internal variables, objects, and other information which is not intended to be visible.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.