CVE-2010-3872: stack buffer overwrite

Bug #698060 reported by Felix Geyer
Affects                          Status        Importance  Assigned to    Milestone
Apache 2 mod_fcgid               Fix Released  Critical
libapache2-mod-fcgid (Debian)    Fix Released  Unknown
libapache2-mod-fcgid (Ubuntu)    Fix Released  Undecided   Unassigned
  Hardy                          Fix Released  Undecided   Steve Beattie
  Karmic                         Fix Released  Undecided   Steve Beattie
  Lucid                          Fix Released  Undecided   Steve Beattie
  Maverick                       Fix Released  Undecided   Steve Beattie

Bug Description

Binary package hint: libapache2-mod-fcgid

> The apr_status_t fcgid_header_bucket_read function in
> fcgid_bucket.c in Apache mod_fcgid before 2.3.6 does
> not use bytewise pointer arithmetic in certain circumstances,
> which has unknown impact and attack vectors related to
> "untrusted FastCGI applications" and a "stack buffer overwrite."

The bug is fixed by this upstream commit:
https://svn.apache.org/viewvc?view=revision&revision=1030894
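The CVE text above pins the defect on pointer arithmetic that is not bytewise. As an added illustration (not the mod_fcgid code; the header layout, field names and chunk sizes are constructed for this example), the block below shows why advancing a struct-typed pointer by a byte count overshoots the header, and a bounds-checked bytewise accumulator that assembles a header arriving in pieces.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed 8-byte record header (layout chosen for this example). */
typedef struct {
    uint8_t version, type, request_id_hi, request_id_lo;
    uint8_t content_len_hi, content_len_lo, padding_len, reserved;
} rec_header_t;

/* Byte offset that "&hdr + hasread" really lands on: C scales struct-pointer
   arithmetic by sizeof(*hdr), so hasread >= 1 already points past the header
   and a copy there lands on whatever follows it on the stack. */
size_t struct_scaled_offset(size_t hasread) {
    return hasread * sizeof(rec_header_t);
}

/* Append one chunk of a header that arrives in pieces: the destination is
   computed bytewise and bounds-checked. Returns bytes collected so far, or
   -1 if the chunk would run past the end of the header. */
int header_append(rec_header_t *hdr, size_t *hasread,
                  const unsigned char *chunk, size_t len) {
    if (*hasread > sizeof *hdr || len > sizeof *hdr - *hasread)
        return -1;
    memcpy((unsigned char *)hdr + *hasread, chunk, len);
    *hasread += len;
    return (int)*hasread;
}

/* Worked case: one header delivered as 3 + 5 bytes (constructed input);
   returns its 16-bit content length, or -1 if a chunk was refused. */
int sample_content_len(void) {
    static const unsigned char part1[] = {1, 6, 0};
    static const unsigned char part2[] = {1, 0x01, 0x00, 0, 0};
    rec_header_t hdr = {0};
    size_t hasread = 0;
    if (header_append(&hdr, &hasread, part1, sizeof part1) < 0 ||
        header_append(&hdr, &hasread, part2, sizeof part2) < 0)
        return -1;
    return (hdr.content_len_hi << 8) | hdr.content_len_lo;
}

/* A second 6-byte chunk would run past byte 8 and is refused: returns 1. */
int oversized_chunk_rejected(void) {
    static const unsigned char part[6] = {0};
    rec_header_t hdr = {0};
    size_t hasread = 0;
    return header_append(&hdr, &hasread, part, 6) == 6 &&
           header_append(&hdr, &hasread, part, 6) == -1;
}
```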

Felix Geyer (debfx)
visibility: private → public
Felix Geyer (debfx) wrote :

Version 2.3.6 is already in natty.

Changed in libapache2-mod-fcgid (Ubuntu):
status: New → Fix Released
Felix Geyer (debfx) wrote :

libapache2-mod-fcgid (1:2.2-1ubuntu0.8.04.1) hardy-security; urgency=low

  * SECURITY UPDATE: possible stack buffer overwrite (LP: #698060)
    - fcgid_bucket.c: patch from upstream
    - CVE-2010-3872

 -- Felix Geyer <email address hidden> Thu, 06 Jan 2011 12:49:03 +0100

Felix Geyer (debfx) wrote :

libapache2-mod-fcgid (1:2.2-1ubuntu0.9.10.1) karmic-security; urgency=low

  * SECURITY UPDATE: possible stack buffer overwrite (LP: #698060)
    - fcgid_bucket.c: patch from upstream
    - CVE-2010-3872

 -- Felix Geyer <email address hidden> Thu, 06 Jan 2011 12:57:47 +0100

Felix Geyer (debfx) wrote :

libapache2-mod-fcgid (1:2.3.4-2ubuntu0.2) lucid-security; urgency=low

  * SECURITY UPDATE: possible stack buffer overwrite (LP: #698060)
    - modules/fcgid/fcgid_bucket.c: patch from upstream
    - CVE-2010-3872

 -- Felix Geyer <email address hidden> Thu, 06 Jan 2011 13:04:02 +0100

Felix Geyer (debfx) wrote :

libapache2-mod-fcgid (1:2.3.5-2ubuntu0.1) maverick-security; urgency=low

  * SECURITY UPDATE: possible stack buffer overwrite (LP: #698060)
    - modules/fcgid/fcgid_bucket.c: patch from upstream
    - CVE-2010-3872

 -- Felix Geyer <email address hidden> Thu, 06 Jan 2011 13:12:50 +0100

Changed in libapache2-mod-fcgid (Ubuntu Hardy):
status: New → Confirmed
Changed in libapache2-mod-fcgid (Ubuntu Karmic):
status: New → Confirmed
Changed in libapache2-mod-fcgid (Ubuntu Lucid):
status: New → Confirmed
Changed in libapache2-mod-fcgid (Ubuntu Maverick):
status: New → Confirmed
Steve Beattie (sbeattie) wrote :

Thanks, accepting, I'll shepherd these through.

Changed in libapache2-mod-fcgid (Ubuntu Hardy):
assignee: nobody → Steve Beattie (sbeattie)
Changed in libapache2-mod-fcgid (Ubuntu Karmic):
assignee: nobody → Steve Beattie (sbeattie)
Changed in libapache2-mod-fcgid (Ubuntu Lucid):
assignee: nobody → Steve Beattie (sbeattie)
Changed in libapache2-mod-fcgid (Ubuntu Maverick):
assignee: nobody → Steve Beattie (sbeattie)
Changed in libapache2-mod-fcgid (Ubuntu Hardy):
status: Confirmed → In Progress
Changed in libapache2-mod-fcgid (Ubuntu Lucid):
status: Confirmed → In Progress
Changed in libapache2-mod-fcgid (Ubuntu Karmic):
status: Confirmed → In Progress
Changed in libapache2-mod-fcgid (Ubuntu Maverick):
status: Confirmed → In Progress
Steve Beattie (sbeattie) wrote :

Felix, thanks for preparing these. A couple of minor comments about your debdiffs: the lucid and maverick versions of the package use dpatch to manage changes, and it's preferred to make changes within that system; also, remember to update the maintainer field so that it does not point at the Debian maintainer. Attached is an example of what the maverick debdiff should look like, and I will release packages based on your work shortly. Thanks again!

Steve Beattie (sbeattie) wrote :

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libapache2-mod-fcgid - 1:2.3.5-2ubuntu0.1

---------------
libapache2-mod-fcgid (1:2.3.5-2ubuntu0.1) maverick-security; urgency=low

  * SECURITY UPDATE: possible stack buffer overwrite (LP: #698060)
    - debian/patches/CVE-2010-3872.patch: patch from upstream
    - CVE-2010-3872
 -- Felix Geyer <email address hidden> Thu, 06 Jan 2011 13:12:50 +0100

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libapache2-mod-fcgid - 1:2.3.4-2ubuntu0.2

---------------
libapache2-mod-fcgid (1:2.3.4-2ubuntu0.2) lucid-security; urgency=low

  * SECURITY UPDATE: possible stack buffer overwrite (LP: #698060)
    - modules/fcgid/fcgid_bucket.c: patch from upstream
    - CVE-2010-3872
 -- Felix Geyer <email address hidden> Thu, 06 Jan 2011 13:04:02 +0100

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libapache2-mod-fcgid - 1:2.2-1ubuntu0.9.10.1

---------------
libapache2-mod-fcgid (1:2.2-1ubuntu0.9.10.1) karmic-security; urgency=low

  * SECURITY UPDATE: possible stack buffer overwrite (LP: #698060)
    - fcgid_bucket.c: patch from upstream
    - CVE-2010-3872
 -- Felix Geyer <email address hidden> Thu, 06 Jan 2011 12:57:47 +0100

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libapache2-mod-fcgid - 1:2.2-1ubuntu0.8.04.1

---------------
libapache2-mod-fcgid (1:2.2-1ubuntu0.8.04.1) hardy-security; urgency=low

  * SECURITY UPDATE: possible stack buffer overwrite (LP: #698060)
    - fcgid_bucket.c: patch from upstream
    - CVE-2010-3872
 -- Felix Geyer <email address hidden> Thu, 06 Jan 2011 12:49:03 +0100

Changed in libapache2-mod-fcgid (Ubuntu Hardy):
status: In Progress → Fix Released
Changed in libapache2-mod-fcgid (Ubuntu Karmic):
status: In Progress → Fix Released
Changed in libapache2-mod-fcgid (Ubuntu Lucid):
status: In Progress → Fix Released
Changed in libapache2-mod-fcgid (Ubuntu Maverick):
status: In Progress → Fix Released
Changed in libapache2-mod-fcgid (Debian):
status: Unknown → Fix Released
Changed in mod-fcgid:
importance: Unknown → Critical
status: Unknown → Fix Released