===========================================================================
AUSCERT Security Bulletin

ASB-2011.0111
Multiple vulnerabilities have been found in Apache 2.x mod_setenvif
12 December 2011

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              Apache 2.x
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact/Access:        Increased Privileges -- Existing Account
Resolution:           Patch/Upgrade
CVE Names:            CVE-2011-3607
Member content until: Wednesday, January 11 2012

OVERVIEW

An integer overflow vulnerability has been discovered in Apache 2.x
mod_pregsub.

IMPACT

An issue has been found in the Apache ap_pregsub function which allows
escalation of privileges with the use of a specially crafted HTTP
request header.[1]

MITIGATION

Users of Apache are advised to check updates for their specific systems.
Users who compile Apache from source are advised to check out the latest
copy from Apache SVN and recompile.[2]

REFERENCES

[1] Report of CVE-2011-3639
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3639

[2] Fix for CVE-2011-3639 in Apache SVN tree.
    http://svn.apache.org/viewvc?view=revision&revision=1198940

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================