The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Apache APR-util: overflow of apr_brigade_vprintf

Synthesis of the vulnerability 

An attacker can trigger an off-by-one overflow in the apr_brigade_vprintf() function of Apache APR-util.
Vulnerable systems: APR-util, Apache httpd, Fedora, HP-UX, WebSphere AS Traditional, NSM Central Manager, NSMXpress, Mandriva Linux, Mandriva NF, NLD, OES, openSUSE, Solaris, RHEL, Slackware, SLES.
Severity of this threat: 2/4.
Creation date: 08/06/2009.
References for this weakness: 504390, BID-35251, c02579879, CVE-2009-1956, FEDORA-2009-5969, FEDORA-2009-6014, FEDORA-2009-6261, HPSBUX02612, MDVSA-2009:131, MDVSA-2009:131-1, MDVSA-2009:314, PK87176, PK88341, PK88342, PK91361, PK99477, PK99478, PK99480, PSN-2012-11-767, RHSA-2009:1107-01, RHSA-2009:1108-01, RHSA-2010:0602-02, SSA:2009-214-01, SSRT100345, SUSE-SR:2009:013, VIGILANCE-VUL-8768.

Description of the vulnerability 

The Apache APR-util library provides the "bucket" module, which stores data organized in "brigades" (doubly linked lists of buckets).

The apr_brigade_vprintf() function appends a formatted string to a brigade. It writes a '\0' string terminator at the end of the buffer it filled. However, it does not check whether the buffer still has room for this character, so when the formatted data exactly fills the buffer the terminator is written one byte past its end.

An attacker can therefore trigger an off-by-one overflow in the apr_brigade_vprintf() function, in order to cause a denial of service in applications linked against Apache APR-util.
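The defect class described above, as an added teaching example that is not APR's code: a tiny fixed-size chunk stands in for a brigade bucket, and two terminator strategies are compared. The buggy one writes the '\0' at data[len] without checking that len is below the chunk size, which is exactly one byte out of bounds when the formatted bytes have just filled the chunk; the fixed one hands the full chunk off first and terminates the fresh one. All names (struct chunk, BUCKET_SIZE, chunk_printf, terminate_buggy, terminate_fixed, overflow_for, flushes_for) and the 8-byte chunk size are constructed for the demonstration; the out-of-bounds write is reported rather than performed so the program stays well defined.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>

enum { BUCKET_SIZE = 8 };   /* constructed, deliberately tiny, so the edge case is visible */

/* Hypothetical fixed-size chunk standing in for a brigade bucket.
   Teaching model only, not APR's real data structure. */
struct chunk {
    char   data[BUCKET_SIZE];
    size_t len;      /* bytes of formatted output currently in data[] */
    int    flushes;  /* times a full chunk was handed off to the brigade */
};

static void chunk_init(struct chunk *c) { c->len = 0; c->flushes = 0; }

/* In the real library a full bucket is appended to the brigade and a fresh one
   started; the model just counts the hand-off and starts over. */
static void flush_chunk(struct chunk *c) { c->flushes++; c->len = 0; }

/* Shared copy loop: push formatted bytes into the chunk, flushing when full. */
static void push_bytes(struct chunk *c, const char *s) {
    for (; *s != '\0'; s++) {
        if (c->len == BUCKET_SIZE)
            flush_chunk(c);
        c->data[c->len++] = *s;
    }
}

/* Buggy pattern (the defect class the bulletin describes): the terminator goes
   to data[len] with no check that len < BUCKET_SIZE. When the last byte exactly
   filled the chunk that index is BUCKET_SIZE, one byte past the end. The model
   reports that case instead of performing the out-of-bounds write.
   Returns 1 if the overflow would occur, 0 otherwise. */
static int terminate_buggy(struct chunk *c) {
    if (c->len == BUCKET_SIZE)
        return 1;                /* would execute data[BUCKET_SIZE] = '\0' */
    c->data[c->len] = '\0';
    return 0;
}

/* Fixed pattern: guarantee room for the terminator before writing it. */
static int terminate_fixed(struct chunk *c) {
    if (c->len == BUCKET_SIZE)
        flush_chunk(c);          /* hand off the full chunk, terminate the new one */
    c->data[c->len] = '\0';
    return 0;
}

/* printf-style front end mirroring the vprintf shape: format once with
   vsnprintf, push the bytes, then terminate with the chosen strategy.
   Returns 1 if the (buggy) strategy would overflow, 0 otherwise. */
static int chunk_printf(struct chunk *c, int use_fix, const char *fmt, ...) {
    char tmp[256];               /* constructed scratch space; demo inputs are short */
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(tmp, sizeof tmp, fmt, ap);
    va_end(ap);
    push_bytes(c, tmp);
    return use_fix ? terminate_fixed(c) : terminate_buggy(c);
}

/* Run one formatted write on a fresh chunk and report the overflow flag. */
static int overflow_for(int use_fix, const char *text) {
    struct chunk c;
    chunk_init(&c);
    return chunk_printf(&c, use_fix, "%s", text);
}

/* Same, reporting how many hand-offs the strategy needed. */
static int flushes_for(int use_fix, const char *text) {
    struct chunk c;
    chunk_init(&c);
    chunk_printf(&c, use_fix, "%s", text);
    return c.flushes;
}

int main(void) {
    /* 7 bytes leave room for '\0'; 8 bytes fill the chunk exactly. */
    printf("7 bytes, buggy: overflow=%d\n", overflow_for(0, "1234567"));
    printf("8 bytes, buggy: overflow=%d\n", overflow_for(0, "12345678"));
    printf("8 bytes, fixed: overflow=%d flushes=%d\n",
           overflow_for(1, "12345678"), flushes_for(1, "12345678"));
    return 0;
}
```

The point to take from the model is that the dangerous input is not a long one but one whose length is an exact multiple of the buffer size: the copy loop handles long input correctly, and only the unconditional terminator write after it is unchecked.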
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This security note concerns software and systems such as APR-util, Apache httpd, Fedora, HP-UX, WebSphere AS Traditional, NSM Central Manager, NSMXpress, Mandriva Linux, Mandriva NF, NLD, OES, openSUSE, Solaris, RHEL, Slackware, SLES.

Our Vigil@nce team rated the severity of this vulnerability announcement as medium.

Trust level: confirmed by the vendor. Attack origin: internet client.

An attacker with an expert skill level can exploit this vulnerability.

Solutions for this threat 

Apache httpd: version 2.2.12.
Version 2.2.12 is fixed:
  http://httpd.apache.org/

Apache APR-util: version 1.3.7.
Version 1.3.7 is fixed:
  http://apr.apache.org/download.cgi
  http://www.apache.org/dist/apr/

Apache APR-util: version 0.9.7.
Version 0.9.7 is fixed:
  http://apr.apache.org/download.cgi

Fedora: new apr-util packages.
New packages are available:
  apr-util-1.2.12-7.fc9
  apr-util-1.3.7-1.fc10
  apr-util-1.3.7-1.fc11

HP-UX: Apache version B.2.0.63.01.
Version B.2.0.63.01 is fixed:
  http://software.hp.com/

Juniper NSM, NSMXpress: versions 2010.3s7, 2011.4s4, 2012.1.
Versions 2010.3s7, 2011.4s4 and 2012.1 are fixed:
  http://www.juniper.net/support/products/nsm/2012.1/

Mandriva 2008.0: new apr packages.
New packages are available:
  apr-1.2.11-1.1mdv2008.0

Mandriva: new apr-util packages.
New packages are available:
  Mandriva Linux 2008.1: apr-util-1.2.12-4.1mdv2008.1
  Mandriva Linux 2009.0: apr-util-1.3.4-2.1mdv2009.0
  Mandriva Linux 2009.1: apr-util-1.3.4-9.1mdv2009.1
  Corporate 3.0: apache2-2.0.48-6.20.C30mdk
  Corporate 4.0: apr-util-1.2.7-6.1.20060mlcs4
  Multi Network Firewall 2.0: apache2-2.0.48-6.20.C30mdk

RHEL 3: new httpd packages.
New packages are available:
Red Hat Enterprise Linux version 3: httpd-2.0.46-73.ent

RHEL 4, 5: new apr-util packages.
New packages are available:
Red Hat Enterprise Linux version 4: apr-util-0.9.4-22.el4_8.1
Red Hat Enterprise Linux version 5: apr-util-1.2.7-7.el5_3.1

RHEL 4: new Red Hat Certificate System 7.3 packages.
New packages are available, as indicated in information sources.

Slackware: new httpd packages.
New packages are available:
Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/httpd-2.2.12-i486-1_slack12.0.tgz
Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/httpd-2.2.12-i486-1_slack12.1.tgz
Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/httpd-2.2.12-i486-1_slack12.2.tgz

Solaris 10: patch for APR-util.
A patch is available:
  SPARC: 120543-18
  X86: 120544-18

SUSE: new packages (11/08/2009).
New packages are available.

WebSphere AS: APAR for Apache.
An APAR is available:
IBM (PK87176):
  http://www-01.ibm.com/support/docview.wss?uid=swg1PK99477
IBM (PK88341, PK88342):
  http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478
IBM (PK91361):
  http://www-01.ibm.com/support/docview.wss?uid=swg1PK99480

Computer vulnerabilities tracking service 

Vigil@nce provides cybersecurity announcements. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.