Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2006-209-01
HistoryJul 29, 2006 - 12:21 a.m.

[slackware-security] Apache httpd

2006-07-2900:21:45
Slackware Linux Project
www.slackware.com
20

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON

New Apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,
10.2, and -current to fix a security issue with mod_rewrite.

More details about the issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:

https://vulners.com/cve/CVE-2006-3747

In addition, new mod_ssl packages for Apache 1.3.37 are available for
all of these versions of Slackware. This additional package does not
fix a security issue, but may be required on your system depending on
your Apache setup.

Here are the details from the Slackware 10.2 ChangeLog:

patches/packages/apache-1.3.37-i486-1_slack10.2.tgz:
Upgraded to apache-1.3.37.
From the announcement on httpd.apache.org:
This version of Apache is security fix release only. An off-by-one flaw
exists in the Rewrite module, mod_rewrite, as shipped with Apache 1.3
since 1.3.28, 2.0 since 2.0.46, and 2.2 since 2.2.0.
The Slackware Security Team feels that the vast majority of installations
will not be configured in a vulnerable way but still suggests upgrading to
the new apache and mod_ssl packages for maximum security.
For more details, see:
https://vulners.com/cve/CVE-2006-3747
And see Apache’s announcement here:
http://www.apache.org/dist/httpd/Announcement1.3.html
(* Security fix *)
patches/packages/mod_ssl-2.8.28_1.3.37-i486-1_slack10.2.tgz:
Upgraded to mod_ssl-2.8.28-1.3.37.

Where to find the new packages:

Updated packages for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/apache-1.3.37-i386-1_slack8.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/mod_ssl-2.8.28_1.3.37-i386-1_slack8.1.tgz

Updated packages for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/apache-1.3.37-i386-1_slack9.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/mod_ssl-2.8.28_1.3.37-i386-1_slack9.0.tgz

Updated packages for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/apache-1.3.37-i486-1_slack9.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/mod_ssl-2.8.28_1.3.37-i486-1_slack9.1.tgz

Updated packages for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/apache-1.3.37-i486-1_slack10.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/mod_ssl-2.8.28_1.3.37-i486-1_slack10.0.tgz

Updated packages for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/apache-1.3.37-i486-1_slack10.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/mod_ssl-2.8.28_1.3.37-i486-1_slack10.1.tgz

Updated packages for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/apache-1.3.37-i486-1_slack10.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mod_ssl-2.8.28_1.3.37-i486-1_slack10.2.tgz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/apache-1.3.37-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/mod_ssl-2.8.28_1.3.37-i486-1.tgz

MD5 signatures:

Slackware 8.1 packages:
55d47a6b97a9d7a22c7a763516efcea8 apache-1.3.37-i386-1_slack8.1.tgz
1368c7ae40208b163f3206f3e22048ff mod_ssl-2.8.28_1.3.37-i386-1_slack8.1.tgz

Slackware 9.0 packages:
99ce9375d240afd31b9106adec400815 apache-1.3.37-i386-1_slack9.0.tgz
5a61caaf9f4165212907e6a296356c43 mod_ssl-2.8.28_1.3.37-i386-1_slack9.0.tgz

Slackware 9.1 packages:
25a4d00152a314a0725d911042e96401 apache-1.3.37-i486-1_slack9.1.tgz
7cc5b41158adf19a069897add2700afa mod_ssl-2.8.28_1.3.37-i486-1_slack9.1.tgz

Slackware 10.0 packages:
84542fd4e9b31a5607810ccf4a37a103 apache-1.3.37-i486-1_slack10.0.tgz
dc47b69b0609f94a68196d07c42d563f mod_ssl-2.8.28_1.3.37-i486-1_slack10.0.tgz

Slackware 10.1 packages:
d442b2fa446eb41592ad2b0b8f9bf836 apache-1.3.37-i486-1_slack10.1.tgz
fc5dc2154b3d906a91745761a9511276 mod_ssl-2.8.28_1.3.37-i486-1_slack10.1.tgz

Slackware 10.2 packages:
289a0160cce32539318b6155e112905d apache-1.3.37-i486-1_slack10.2.tgz
f115fb6e615f2688e182a7696b63f76e mod_ssl-2.8.28_1.3.37-i486-1_slack10.2.tgz

Slackware -current packages:
8031dea830403ed012b6cf12795dd219 apache-1.3.37-i486-1.tgz
fb24b42306a8731b1fcce93c90f99ded mod_ssl-2.8.28_1.3.37-i486-1.tgz

Installation instructions:

First, stop apache:

> apachectl stop

Then, upgrade the apache package:

> upgradepkg apache-1.3.37-i486-1_slack10.2.tgz mod_ssl-2.8.28_1.3.37-i486-1_slack10.2.tgz

Finally, restart apache:

> apachectl start

Or, if you use mod_ssl:

> apachectl startssl

OSVersionArchitecturePackageVersionFilename
Slackware8.1i386apache<Β 1.3.37apache-1.3.37-i386-1_slack8.1.tgz
Slackware8.1i386mod_ssl<Β 2.8.28_1.3.37mod_ssl-2.8.28_1.3.37-i386-1_slack8.1.tgz
Slackware9.0i386apache<Β 1.3.37apache-1.3.37-i386-1_slack9.0.tgz
Slackware9.0i386mod_ssl<Β 2.8.28_1.3.37mod_ssl-2.8.28_1.3.37-i386-1_slack9.0.tgz
Slackware9.1i486apache<Β 1.3.37apache-1.3.37-i486-1_slack9.1.tgz
Slackware9.1i486mod_ssl<Β 2.8.28_1.3.37mod_ssl-2.8.28_1.3.37-i486-1_slack9.1.tgz
Slackware10.0i486apache<Β 1.3.37apache-1.3.37-i486-1_slack10.0.tgz
Slackware10.0i486mod_ssl<Β 2.8.28_1.3.37mod_ssl-2.8.28_1.3.37-i486-1_slack10.0.tgz
Slackware10.1i486apache<Β 1.3.37apache-1.3.37-i486-1_slack10.1.tgz
Slackware10.1i486mod_ssl<Β 2.8.28_1.3.37mod_ssl-2.8.28_1.3.37-i486-1_slack10.1.tgz
Rows per page:
1-10 of 141

Related

openvas 47
securityvulns 4
nessus 32
exploitpack 2
debian 2
nvd 1
cvelist 1
f5 2
redhatcve 1
freebsd 1
httpd 3
saint 4
gentoo 1
packetstorm 5
seebug 4
checkpoint_advisories 2
ubuntucve 1
debiancve 1
ubuntu 1
cve 1
exploitdb 2
suse 1
cert 1
fedora 1
openvas
openvas
FreeBSD Ports: apache
2008-09-04 00:00:00
SLES9: Security update for Apache and mod_ssl
2009-10-10 00:00:00
SLES9: Security update for Apache and mod_ssl
2009-10-10 00:00:00
securityvulns
securityvulns
[Full-disclosure] [USN-328-1] Apache vulnerability
2006-07-28 00:00:00
[Full-disclosure] [Announcement] Apache HTTP Server 2.2.3 &#40;2.0.59, 1.3.37&#41; Released
2006-07-28 00:00:00
POC &amp; exploit for Apache mod_rewrite off-by-one
2006-08-21 00:00:00
nessus
nessus
Apache < 1.3.37 mod_rewrite LDAP Protocol URL Handling Overflow
2008-03-26 00:00:00
GLSA-200608-01 : Apache: Off-by-one flaw in mod_rewrite
2006-08-04 00:00:00
Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : Apache httpd (SSA:2006-209-01)
2006-08-04 00:00:00
exploitpack
exploitpack
Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow
2007-04-07 00:00:00
Apache 1.3.372.0.592.2.3 mod_rewrite - Remote Overflow
2006-08-21 00:00:00
debian
debian
[SECURITY] [DSA 1132-1] New apache2 packages fix buffer overflow
2006-08-01 12:57:19
[SECURITY] [DSA 1131-1] New apache package fix buffer overflow
2006-08-01 10:46:24
nvd
nvd
CVE-2006-3747
2006-07-28 18:02:00
cvelist
cvelist
CVE-2006-3747
2006-07-28 18:00:00
f5
f5
SOL6878 - Apache Rewrite module (mod_rewrite) vulnerabilities CVE-2006-3747
2007-05-16 00:00:00
K6878 : Apache Rewrite module (mod_rewrite) vulnerabilities CVE-2006-3747
2013-03-19 00:00:00
redhatcve
redhatcve
CVE-2006-3747
2015-10-30 09:51:27
freebsd
freebsd
apache -- mod_rewrite buffer overflow vulnerability
2006-07-27 00:00:00
httpd
httpd
Apache Httpd < 2.2.3 : mod_rewrite off-by-one error
2006-07-21 00:00:00
Apache Httpd < 1.3.37 : mod_rewrite off-by-one error
2006-07-21 00:00:00
Apache Httpd < 2.0.59 : mod_rewrite off-by-one error
2006-07-21 00:00:00
saint
saint
Apache mod_rewrite LDAP URL buffer overflow
2007-06-22 00:00:00
Apache mod_rewrite LDAP URL buffer overflow
2007-06-22 00:00:00
Apache mod_rewrite LDAP URL buffer overflow
2007-06-22 00:00:00
gentoo
gentoo
Apache: Off-by-one flaw in mod_rewrite
2006-08-01 00:00:00
packetstorm
packetstorm
modrewritepoc.txt
2006-08-27 00:00:00
modrewrite-offbyone.txt
2007-04-07 00:00:00
apache-mod-rewrite.rb.txt
2008-01-07 00:00:00
seebug
seebug
Apache &lt; 1.3.37 2.0.59 2.2.3 (mod_rewrite) Remote Overflow PoC
2006-08-21 00:00:00
Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
2014-07-01 00:00:00
Apache mod_rewriteζ¨‘ε—ε•ε­—θŠ‚ηΌ“ε†²εŒΊζΊ’ε‡ΊζΌζ΄ž
2006-11-05 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache Server mod_rewrite Module LDAP Scheme Handling Buffer Overflow (CVE-2006-3747)
2009-09-30 00:00:00
Update Protection against Apache LDAP HTTP Server Buffer Overflow Vulnerability
2006-09-12 00:00:00
ubuntucve
ubuntucve
CVE-2006-3747
2006-07-28 00:00:00
debiancve
debiancve
CVE-2006-3747
2006-07-28 18:02:00
ubuntu
ubuntu
Apache vulnerability
2006-07-28 00:00:00
cve
cve
CVE-2006-3747
2006-07-28 18:02:00
exploitdb
exploitdb
Apache &lt; 1.3.37/2.0.59/2.2.3 mod_rewrite - Remote Overflow
2006-08-21 00:00:00
Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow
2007-04-07 00:00:00
suse
suse
remote denial of service in apache,apache2
2006-07-28 14:21:14
cert
cert
Apache mod_rewrite contains off-by-one error in ldap scheme handling
2006-07-28 00:00:00
fedora
fedora
[SECURITY] Fedora Core 5 Update: httpd-2.2.2-1.3
2007-07-02 15:01:38

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON
Related for SSA-2006-209-01
openvas47securityvulns4nessus32exploitpack2debian2nvd1cvelist1f52redhatcve1freebsd1httpd3saint4gentoo1packetstorm5seebug4checkpoint_advisories2ubuntucve1debiancve1ubuntu1cve1exploitdb2suse1cert1fedora1