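Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability

Cause
Design error

Affected systems
Apache Software Foundation APR-util 1.3.4

Unaffected systems
Apache Software Foundation APR-util 1.3.5

Impact
A remote attacker can exploit the vulnerability to execute arbitrary instructions in the context of the application.

Conditions required for an attack
The attacker must be able to access Apache APR-util.

Vulnerability information
Apache APR-util is a portable runtime library; its full name is Apache Portable Runtime.
The apr_strmatch_precompile function in Apache APR-util has an integer underflow issue, which a remote attacker can exploit to execute arbitrary instructions in the context of the application.
No detailed information about the vulnerability is currently available.

Test method

Vendor solution
Refer to the following patch information: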
Debian Linux 4.0 amd64
Debian libaprutil1-dbg_1.2.7+dfsg-2+etch2_amd64.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch2_amd64.deb
Debian libaprutil1-dev_1.2.7+dfsg-2+etch2_amd64.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch2_amd64.deb
Debian libaprutil1_1.2.7+dfsg-2+etch2_amd64.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch2_amd64.deb
Debian Linux 4.0 ia-32
Debian libaprutil1-dbg_1.2.7+dfsg-2+etch2_i386.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch2_i386.deb
Debian libaprutil1-dev_1.2.7+dfsg-2+etch2_i386.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch2_i386.deb
Debian libaprutil1_1.2.7+dfsg-2+etch2_i386.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch2_i386.deb
Debian Linux 4.0 arm
Debian libaprutil1-dbg_1.2.7+dfsg-2+etch2_arm.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch2_arm.deb
Debian libaprutil1-dev_1.2.7+dfsg-2+etch2_arm.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch2_arm.deb
Debian libaprutil1_1.2.7+dfsg-2+etch2_arm.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch2_arm.deb
Debian Linux 5.0 hppa
Debian libaprutil1-dbg_1.2.12+dfsg-8+lenny2_hppa.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny2_hppa.deb
Debian libaprutil1-dev_1.2.12+dfsg-8+lenny2_hppa.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny2_hppa.deb
Debian libaprutil1_1.2.12+dfsg-8+lenny2_hppa.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny2_hppa.deb
Debian Linux 5.0 ia-64
Debian libaprutil1-dbg_1.2.12+dfsg-8+lenny2_ia64.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny2_ia64.deb
Debian libaprutil1-dev_1.2.12+dfsg-8+lenny2_ia64.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny2_ia64.deb
Debian libaprutil1_1.2.12+dfsg-8+lenny2_ia64.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny2_ia64.deb
Debian Linux 4.0 hppa
Debian libaprutil1-dbg_1.2.7+dfsg-2+etch2_hppa.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch2_hppa.deb
Debian libaprutil1-dev_1.2.7+dfsg-2+etch2_hppa.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch2_hppa.deb
Debian libaprutil1_1.2.7+dfsg-2+etch2_hppa.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch2_hppa.deb
Debian Linux 4.0 sparc
Debian libaprutil1-dbg_1.2.7+dfsg-2+etch2_sparc.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch2_sparc.deb
Debian libaprutil1-dev_1.2.7+dfsg-2+etch2_sparc.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch2_sparc.deb
Debian libaprutil1_1.2.7+dfsg-2+etch2_sparc.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch2_sparc.deb
Debian Linux 4.0 s/390
Debian libaprutil1-dbg_1.2.7+dfsg-2+etch2_s390.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch2_s390.deb
Debian libaprutil1-dev_1.2.7+dfsg-2+etch2_s390.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch2_s390.deb
Debian libaprutil1_1.2.7+dfsg-2+etch2_s390.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch2_s390.deb
Debian Linux 5.0 arm
Debian libaprutil1-dbg_1.2.12+dfsg-8+lenny2_arm.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny2_arm.deb
Debian libaprutil1-dev_1.2.12+dfsg-8+lenny2_arm.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny2_arm.deb
Debian libaprutil1_1.2.12+dfsg-8+lenny2_arm.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny2_arm.deb
Debian Linux 4.0 powerpc
Debian libaprutil1-dbg_1.2.7+dfsg-2+etch2_powerpc.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch2_powerpc.deb
Debian libaprutil1-dev_1.2.7+dfsg-2+etch2_powerpc.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch2_powerpc.deb
Debian libaprutil1_1.2.7+dfsg-2+etch2_powerpc.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch2_powerpc.deb
Debian Linux 4.0 alpha
Debian libaprutil1-dbg_1.2.7+dfsg-2+etch2_alpha.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch2_alpha.deb
Debian libaprutil1-dev_1.2.7+dfsg-2+etch2_alpha.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch2_alpha.deb
Debian libaprutil1_1.2.7+dfsg-2+etch2_alpha.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch2_alpha.deb
Debian Linux 5.0 armel
Debian libaprutil1-dbg_1.2.12+dfsg-8+lenny2_armel.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny2_armel.deb
Debian libaprutil1-dev_1.2.12+dfsg-8+lenny2_armel.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny2_armel.deb
Debian libaprutil1_1.2.12+dfsg-8+lenny2_armel.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny2_armel.deb
Debian Linux 4.0 mipsel
Debian libaprutil1-dbg_1.2.7+dfsg-2+etch2_mipsel.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch2_mipsel.deb
Debian libaprutil1-dev_1.2.7+dfsg-2+etch2_mipsel.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch2_mipsel.deb
Debian libaprutil1_1.2.7+dfsg-2+etch2_mipsel.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch2_mipsel.deb
Debian Linux 5.0 amd64
Debian libaprutil1-dbg_1.2.12+dfsg-8+lenny2_amd64.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny2_amd64.deb
Debian libaprutil1-dev_1.2.12+dfsg-8+lenny2_amd64.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny2_amd64.deb
Debian libaprutil1_1.2.12+dfsg-8+lenny2_amd64.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny2_amd64.deb
Debian Linux 5.0 alpha
Debian libaprutil1-dbg_1.2.12+dfsg-8+lenny2_alpha.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny2_alpha.deb
Debian libaprutil1-dev_1.2.12+dfsg-8+lenny2_alpha.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny2_alpha.deb
Debian libaprutil1_1.2.12+dfsg-8+lenny2_alpha.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny2_alpha.deb
Debian Linux 5.0 ia-32
Debian libaprutil1-dbg_1.2.12+dfsg-8+lenny2_i386.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny2_i386.deb
Debian libaprutil1-dev_1.2.12+dfsg-8+lenny2_i386.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny2_i386.deb
Debian libaprutil1_1.2.12+dfsg-8+lenny2_i386.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny2_i386.deb
Debian Linux 5.0 mips
Debian libaprutil1-dbg_1.2.12+dfsg-8+lenny2_mips.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny2_mips.deb
Debian libaprutil1-dev_1.2.12+dfsg-8+lenny2_mips.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny2_mips.deb
Debian libaprutil1_1.2.12+dfsg-8+lenny2_mips.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny2_mips.deb
Debian Linux 5.0 s/390
Debian libaprutil1-dbg_1.2.12+dfsg-8+lenny2_s390.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny2_s390.deb
Debian libaprutil1-dev_1.2.12+dfsg-8+lenny2_s390.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny2_s390.deb
Debian libaprutil1_1.2.12+dfsg-8+lenny2_s390.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny2_s390.deb
Debian Linux 5.0 mipsel
Debian libaprutil1-dbg_1.2.12+dfsg-8+lenny2_mipsel.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny2_mipsel.deb
Debian libaprutil1-dev_1.2.12+dfsg-8+lenny2_mipsel.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny2_mipsel.deb
Debian libaprutil1_1.2.12+dfsg-8+lenny2_mipsel.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny2_mipsel.deb
Debian Linux 5.0 powerpc
Debian libaprutil1-dbg_1.2.12+dfsg-8+lenny2_powerpc.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny2_powerpc.deb
Debian libaprutil1-dev_1.2.12+dfsg-8+lenny2_powerpc.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny2_powerpc.deb
Debian libaprutil1_1.2.12+dfsg-8+lenny2_powerpc.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny2_powerpc.deb
Debian Linux 4.0 ia-64
Debian libaprutil1-dbg_1.2.7+dfsg-2+etch2_ia64.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch2_ia64.deb
Debian libaprutil1-dev_1.2.7+dfsg-2+etch2_ia64.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch2_ia64.deb
Debian libaprutil1_1.2.7+dfsg-2+etch2_ia64.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch2_ia64.deb
Debian Linux 4.0 mips
Debian libaprutil1-dbg_1.2.7+dfsg-2+etch2_mips.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch2_mips.deb
Debian libaprutil1-dev_1.2.7+dfsg-2+etch2_mips.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch2_mips.deb
Debian libaprutil1_1.2.7+dfsg-2+etch2_mips.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch2_mips.deb
Debian Linux 5.0 sparc
Debian libaprutil1-dbg_1.2.12+dfsg-8+lenny2_sparc.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny2_sparc.deb
Debian libaprutil1-dev_1.2.12+dfsg-8+lenny2_sparc.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny2_sparc.deb
Debian libaprutil1_1.2.12+dfsg-8+lenny2_sparc.deb
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny2_sparc.deb
 
Credit
Matthew Palmer

Advisory link
http://svn.apache.org/viewvc?view=rev&revision=779880
