REDHAT-BUG-521619: Null Pointer Dereference
First published: Mon Sep 07 2009(Updated: )
A NULL pointer dereference flaw was discovered in httpd's mod_proxy_ftp module. Malicious FTP server can use this flaw to crash httpd's child process via malformed reply to EPSV FTP command. Problem was confirmed in both 2.0.x and 2.2.x httpd versions. References: <a href="http://www.intevydis.com/blog/?p=59">http://www.intevydis.com/blog/?p=59</a> <a href="http://secunia.com/advisories/36549/">http://secunia.com/advisories/36549/</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Http Server | >=2.0.x<=2.2.x |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.intevydis.com/blog/?p=59
- http://secunia.com/advisories/36549/
- https://access.redhat.com/security/cve/CVE-2009-3094
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094
- http://intevydis.com/vd-list.shtml
- http://secunia.com/advisories/36549
- http://svn.apache.org/viewvc?view=rev&revision=814652
- https://rhn.redhat.com/errata/RHSA-2009-1461.html
- http://httpd.apache.org/security/vulnerabilities_22.html
- https://rhn.redhat.com/errata/RHSA-2009-1580.html
- https://rhn.redhat.com/errata/RHSA-2009-1579.html
- http://admin.fedoraproject.org/updates/httpd-2.2.14-1.fc11
- http://admin.fedoraproject.org/updates/httpd-2.2.14-1.fc10
- https://rhn.redhat.com/errata/RHSA-2010-0011.html
- https://rhn.redhat.com/errata/RHSA-2010-0602.html
- https://bugzilla.redhat.com/show_bug.cgi?id=521619
Frequently Asked Questions
What is the severity of REDHAT-BUG-521619?
The severity of REDHAT-BUG-521619 is moderate due to the potential for denial of service.
How do I fix REDHAT-BUG-521619?
To fix REDHAT-BUG-521619, upgrade Apache HTTP Server to version 2.2.x or later, where the issue has been addressed.
What versions are affected by REDHAT-BUG-521619?
REDHAT-BUG-521619 affects Apache HTTP Server versions 2.0.x and 2.2.x.
Can REDHAT-BUG-521619 be exploited remotely?
Yes, REDHAT-BUG-521619 can be exploited remotely by a malicious FTP server to crash the Apache HTTP Server.
What module is responsible for the vulnerability in REDHAT-BUG-521619?
The vulnerability in REDHAT-BUG-521619 is caused by a NULL pointer dereference flaw in the mod_proxy_ftp module.
- agent/references
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2009-3094
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/apache
- canonical/apache http server