[Secure-testing-team] Bug#545951: CVE-2009-3094, CVE-2009-3095: mod_proxy_ftp DoS
Giuseppe Iuculano
giuseppe at iuculano.it
Thu Sep 10 08:12:29 UTC 2009
Package: apache2.2-common
Version: 2.2.12-1
Severity: normal
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for apache2.
CVE-2009-3094[0]:
| The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the
| mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13
| allows remote FTP servers to cause a denial of service (NULL pointer
| dereference and child process crash) via a malformed reply to an EPSV
| command.
NOTE: as of 20090910 this disclosure has no actionable information
NOTE: based on a VulnDisco commercial 0day
CVE-2009-3095[1]:
| The mod_proxy_ftp module in the Apache HTTP Server allows remote
| attackers to bypass intended access restrictions and send arbitrary
| commands to an FTP server via vectors related to the embedding of
| these commands in the Authorization HTTP header, as demonstrated by a
| certain module in VulnDisco Pack Professional 8.11. NOTE: as of
| 20090903, this disclosure has no actionable information. However,
| because the VulnDisco Pack author is a reliable researcher, the issue
| is being assigned a CVE identifier for tracking purposes.
NOTE: mod_proxy_ftp should be enabled. with -mpm-prefork only a child crashes, not a really DoS
NOTE: when doing reverse proxy, servers to which requests are proxied are usually trusted
If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094
http://security-tracker.debian.net/tracker/CVE-2009-3094
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095
http://security-tracker.debian.net/tracker/CVE-2009-3095
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkqotOkACgkQNxpp46476ar6FwCeMtLWlTSFzMgYQXHELSpCSXOM
Nv0AnReVdv6JuBkn0rEmhy8WmJBKzCAp
=fwCl
-----END PGP SIGNATURE-----
More information about the Secure-testing-team
mailing list