Referenced CVEs:
CVE-2006-3918, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005
Description:
===========================================================
Ubuntu Security Notice USN-575-1          February 04, 2008
apache2 vulnerabilities
CVE-2006-3918, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000,
CVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  apache2-mpm-perchild    2.0.55-4ubuntu2.3
  apache2-mpm-prefork     2.0.55-4ubuntu2.3
  apache2-mpm-worker      2.0.55-4ubuntu2.3

Ubuntu 6.10:
  apache2-mpm-perchild    2.0.55-4ubuntu4.2
  apache2-mpm-prefork     2.0.55-4ubuntu4.2
  apache2-mpm-worker      2.0.55-4ubuntu4.2

Ubuntu 7.04:
  apache2-mpm-event       2.2.3-3.2ubuntu2.1
  apache2-mpm-perchild    2.2.3-3.2ubuntu2.1
  apache2-mpm-prefork     2.2.3-3.2ubuntu2.1
  apache2-mpm-worker      2.2.3-3.2ubuntu2.1

Ubuntu 7.10:
  apache2-mpm-event       2.2.4-3ubuntu0.1
  apache2-mpm-perchild    2.2.4-3ubuntu0.1
  apache2-mpm-prefork     2.2.4-3ubuntu0.1
  apache2-mpm-worker      2.2.4-3ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that Apache did not sanitize the Expect header from
an HTTP request when it is reflected back in an error message, which
could result in browsers becoming vulnerable to cross-site scripting
attacks when processing the output. With cross-site scripting
vulnerabilities, if a user were tricked into viewing server output
during a crafted server request, a remote attacker could exploit this
to modify the contents, or steal confidential data (such as passwords),
within the same domain. This was only vulnerable in Ubuntu 6.06.
(CVE-2006-3918)

It was discovered that when configured as a proxy server and using a
threaded MPM, Apache did not properly sanitize its input. A remote
attacker could send Apache crafted date headers and cause a denial of
service via application crash. By default, mod_proxy is disabled in
Ubuntu. (CVE-2007-3847)

It was discovered that mod_autoindex did not force a character set,
which could result in browsers becoming vulnerable to cross-site
scripting attacks when processing the output. (CVE-2007-4465)

It was discovered that mod_imap/mod_imagemap did not force a
character set, which could result in browsers becoming vulnerable
to cross-site scripting attacks when processing the output. By
default, mod_imap/mod_imagemap is disabled in Ubuntu. (CVE-2007-5000)

It was discovered that mod_status when status pages were available,
allowed for cross-site scripting attacks. By default, mod_status is
disabled in Ubuntu. (CVE-2007-6388)

It was discovered that mod_proxy_balancer did not sanitize its input,
which could result in browsers becoming vulnerable to cross-site
scripting attacks when processing the output. By default,
mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable
in Ubuntu 7.04 and 7.10. (CVE-2007-6421)

It was discovered that mod_proxy_balancer could be made to
dereference a NULL pointer. A remote attacker could send a crafted
request and cause a denial of service via application crash. By
default, mod_proxy_balancer is disabled in Ubuntu. This was only
vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6422)

It was discovered that mod_proxy_ftp did not force a character set,
which could result in browsers becoming vulnerable to cross-site
scripting attacks when processing the output. By default,
mod_proxy_ftp is disabled in Ubuntu. (CVE-2008-0005)