FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

apache -- Prevent chunk-size integer overflow on platforms where sizeof(int) < sizeof(long)

Affected packages
apache < 1.3.42
apache+mod_perl < 1.3.42
apache+ipv6 < 1.3.42
0 <= apache_fp
ru-apache < 1.3.42+30.23
ru-apache+mod_ssl < 1.3.42
apache+ssl < 1.3.42.1.57_2
apache+mod_ssl < 1.3.41+2.8.27_2
apache+mod_ssl+ipv6 < 1.3.41+2.8.27_2
apache+mod_ssl+mod_accel < 1.3.41+2.8.27_2
apache+mod_ssl+mod_accel+ipv6 < 1.3.41+2.8.27_2
apache+mod_ssl+mod_accel+mod_deflate < 1.3.41+2.8.27_2
apache+mod_ssl+mod_accel+mod_deflate+ipv6 < 1.3.41+2.8.27_2
apache+mod_ssl+mod_deflate < 1.3.41+2.8.27_2
apache+mod_ssl+mod_deflate+ipv6 < 1.3.41+2.8.27_2
apache+mod_ssl+mod_snmp < 1.3.41+2.8.27_2
apache+mod_ssl+mod_snmp+mod_accel < 1.3.41+2.8.27_2
apache+mod_ssl+mod_snmp+mod_accel+ipv6 < 1.3.41+2.8.27_2
apache+mod_ssl+mod_snmp+mod_accel+mod_deflate+ipv6 < 1.3.41+2.8.27_2
apache+mod_ssl+mod_snmp+mod_deflate < 1.3.41+2.8.27_2
apache+mod_ssl+mod_snmp+mod_deflate+ipv6 < 1.3.41+2.8.27_2

Details

VuXML ID cae01d7b-110d-11df-955a-00219b0fc4d8
Discovery 2009-06-30
Entry 2010-02-03
Modified 2010-02-03

Apache ChangeLog reports:

Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.

[source]

References

URL http://security-tracker.debian.org/tracker/CVE-2010-0010
URL http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0010
URL http://www.security-database.com/detail.php?alert=CVE-2010-0010
URL http://www.vupen.com/english/Reference-CVE-2010-0010.php

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.