Apache Mod_DAV LOCK远程拒绝服务漏洞

		当前位置：主页>安全文章>文章资料>漏洞资料>文章内容

Apache Mod_DAV LOCK远程拒绝服务漏洞

来源：vfocus.net 作者：vfocus 发布时间：2004-09-21

Apache Mod_DAV LOCK远程拒绝服务漏洞

受影响系统：
Apache Software Foundation Apache 2.0a9
Apache Software Foundation Apache 2.0.50
Apache Software Foundation Apache 2.0.49
Apache Software Foundation Apache 2.0.47
Apache Software Foundation Apache 2.0.46
Apache Software Foundation Apache 2.0.45
Apache Software Foundation Apache 2.0.44
Apache Software Foundation Apache 2.0.43
Apache Software Foundation Apache 2.0.42
Apache Software Foundation Apache 2.0.41
Apache Software Foundation Apache 2.0.40
Apache Software Foundation Apache 2.0.39
Apache Software Foundation Apache 2.0.38
Apache Software Foundation Apache 2.0.37
Apache Software Foundation Apache 2.0.36
Apache Software Foundation Apache 2.0.35
Apache Software Foundation Apache 2.0.32
Apache Software Foundation Apache 2.0.28
Apache Software Foundation Apache 2.0
Apache Software Foundation Apache 2.0.48
- Mandrake Linux 10.0
- SuSE Linux 9.0
- SuSE Linux 8.2
- SuSE Linux 8.1
- Trustix Secure Linux 2.0
不受影响系统：
Apache Software Foundation Apache 2.0.51
描述：
--------------------------------------------------------------------------------
BUGTRAQ ID: 11185
CVE(CAN) ID: CAN-2004-0809

Apache HTTP服务器是流行的开放源代码WEB服务器程序，可使用在Unix和Windows操作系统下。

Apache Web Server的'mod_dav'模块在处理LOCK命令时存在问题，远程攻击者可以利用这个漏洞对服务程序拒绝服务攻击。

当Apache配置使用'mod_dav'模块时，接收到验证用户一特殊序列的LOCK命令时会导致Apache进程崩溃。如果Apache配置使用线程进程模型，攻击者可以完全使Apache崩溃，如果配置成使用多进程方式，攻击者可以使独立的WEB服务进程崩溃。

<*来源：Julian Reschke （julian.reschke@gmx.de）

链接：http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-2004.1390.1
http://security.gentoo.org/glsa/glsa-200409-21.xml
*>

测试方法：
--------------------------------------------------------------------------------

警告

以下程序(方法)可能带有攻击性，仅供安全研究与教学之用。使用者风险自负！

Julian Reschke （julian.reschke@gmx.de）提供了如下测试方法：

MKCOL x
PUT x/y
LOCK x
LOCK x/y

建议：
--------------------------------------------------------------------------------
厂商补丁：

RedHat
------
RedHat已经为此发布了一个安全公告（RHSA-2004:463-01）以及相应补丁:
RHSA-2004:463-01：Updated httpd packages fix security issues
链接：http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-2004.1390.1

补丁下载：

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/httpd-2.0.46-40.ent.src.rpm
118b25881f9cc755586a3430495c84be httpd-2.0.46-40.ent.src.rpm

i386:
d0997b36caf1390e26ab722ff69ae574 httpd-2.0.46-40.ent.i386.rpm
47d37e2130e1e70d3c6183228a4e26da httpd-devel-2.0.46-40.ent.i386.rpm
31444c51fd279bb9eaeb7dd1a1e3682e mod_ssl-2.0.46-40.ent.i386.rpm

ia64:
003b65f1afe4338b0ca0a8f943e04cdc httpd-2.0.46-40.ent.ia64.rpm
5173c129ff5c7e6f6bda97e062d5d24e httpd-devel-2.0.46-40.ent.ia64.rpm
8f0189f714f484683c9cdcbda9246db1 mod_ssl-2.0.46-40.ent.ia64.rpm

ppc:
ba15fb395941153af8a1948e815a7766 httpd-2.0.46-40.ent.ppc.rpm
2c0fea7d2609184e9c83f217467d6604 httpd-devel-2.0.46-40.ent.ppc.rpm
47af970958b311d847c371f613598860 mod_ssl-2.0.46-40.ent.ppc.rpm

s390:
665d880863e1b6d42b781c4bdf669dbc httpd-2.0.46-40.ent.s390.rpm
fb62b8c10de648d5bcc47e02283e08e2 httpd-devel-2.0.46-40.ent.s390.rpm
b76e2e9b285be2a504d2bbf0891d8d61 mod_ssl-2.0.46-40.ent.s390.rpm

s390x:
7b4e52ec167fcdc9a28ee182665cafb6 httpd-2.0.46-40.ent.s390x.rpm
5f22b40c3cc27953d3395c2ba7a025dd httpd-devel-2.0.46-40.ent.s390x.rpm
499cd6bba360fba292653ec177804487 mod_ssl-2.0.46-40.ent.s390x.rpm

x86_64:
571a7b24d4db094924f85f1941864acb httpd-2.0.46-40.ent.x86_64.rpm
8ea0c717fcfc72fbf1c0c9b63feaddd8 httpd-devel-2.0.46-40.ent.x86_64.rpm
18beb0b00ff24f5e4065cbb3f96e041d mod_ssl-2.0.46-40.ent.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/httpd-2.0.46-40.ent.src.rpm
118b25881f9cc755586a3430495c84be httpd-2.0.46-40.ent.src.rpm

i386:
d0997b36caf1390e26ab722ff69ae574 httpd-2.0.46-40.ent.i386.rpm
47d37e2130e1e70d3c6183228a4e26da httpd-devel-2.0.46-40.ent.i386.rpm
31444c51fd279bb9eaeb7dd1a1e3682e mod_ssl-2.0.46-40.ent.i386.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/httpd-2.0.46-40.ent.src.rpm
118b25881f9cc755586a3430495c84be httpd-2.0.46-40.ent.src.rpm

i386:
d0997b36caf1390e26ab722ff69ae574 httpd-2.0.46-40.ent.i386.rpm
47d37e2130e1e70d3c6183228a4e26da httpd-devel-2.0.46-40.ent.i386.rpm
31444c51fd279bb9eaeb7dd1a1e3682e mod_ssl-2.0.46-40.ent.i386.rpm

ia64:
003b65f1afe4338b0ca0a8f943e04cdc httpd-2.0.46-40.ent.ia64.rpm
5173c129ff5c7e6f6bda97e062d5d24e httpd-devel-2.0.46-40.ent.ia64.rpm
8f0189f714f484683c9cdcbda9246db1 mod_ssl-2.0.46-40.ent.ia64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/httpd-2.0.46-40.ent.src.rpm
118b25881f9cc755586a3430495c84be httpd-2.0.46-40.ent.src.rpm

i386:
d0997b36caf1390e26ab722ff69ae574 httpd-2.0.46-40.ent.i386.rpm
47d37e2130e1e70d3c6183228a4e26da httpd-devel-2.0.46-40.ent.i386.rpm
31444c51fd279bb9eaeb7dd1a1e3682e mod_ssl-2.0.46-40.ent.i386.rpm

ia64:
003b65f1afe4338b0ca0a8f943e04cdc httpd-2.0.46-40.ent.ia64.rpm
5173c129ff5c7e6f6bda97e062d5d24e httpd-devel-2.0.46-40.ent.ia64.rpm
8f0189f714f484683c9cdcbda9246db1 mod_ssl-2.0.46-40.ent.ia64.rpm

Apache Software Foundation
--------------------------
目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：

Apache Software Foundation Apache 2.0.50:
Apache Software Foundation Upgrade httpd-2.0.51.tar.gz
http://www.apache.org/dist/httpd/httpd-2.0.51.tar.gz

Gentoo
------
Gentoo已经为此发布了一个安全公告（GLSA-200409-21）以及相应补丁:
GLSA-200409-21：Apache 2, mod_dav: Multiple vulnerabilities
链接：http://security.gentoo.org/glsa/glsa-200409-21.xml

emerge sync
emerge -pv ">=net-www/apache-2.0.51"
emerge ">=net-www/apache-2.0.51"
emerge -pv ">=net-www/mod_dav-1.0.3-r2"
emerge ">=net-www/mod_dav-1.0.3-r2"

[