Debian DSA-3896-1 : apache2 - security update

critical Nessus Plugin ID 101013

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been found in the Apache HTTPD server.

- CVE-2017-3167 Emmanuel Dreyfus reported that the use of ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.

- CVE-2017-3169 Vasileios Panopoulos of AdNovum Informatik AG discovered that mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port leading to a denial of service.

- CVE-2017-7659 Robert Swiecki reported that a specially crafted HTTP/2 request could cause mod_http2 to dereference a NULL pointer and crash the server process.

- CVE-2017-7668 Javier Jimenez reported that the HTTP strict parsing contains a flaw leading to a buffer overread in ap_find_token(). A remote attacker can take advantage of this flaw by carefully crafting a sequence of request headers to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.

- CVE-2017-7679 ChenQin and Hanno Boeck reported that mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.

Solution

Upgrade the apache2 packages.

For the oldstable distribution (jessie), these problems have been fixed in version 2.4.10-10+deb8u9. The oldstable distribution (jessie) is not affected by CVE-2017-7659.

For the stable distribution (stretch), these problems have been fixed in version 2.4.25-3+deb9u1.

See Also

https://security-tracker.debian.org/tracker/CVE-2017-3167

https://security-tracker.debian.org/tracker/CVE-2017-3169

https://security-tracker.debian.org/tracker/CVE-2017-7659

https://security-tracker.debian.org/tracker/CVE-2017-7668

https://security-tracker.debian.org/tracker/CVE-2017-7679

https://packages.debian.org/source/jessie/apache2

https://packages.debian.org/source/stretch/apache2

https://www.debian.org/security/2017/dsa-3896

Plugin Details

Severity: Critical

ID: 101013

File Name: debian_DSA-3896.nasl

Version: 3.14

Type: local

Agent: unix

Published: 6/23/2017

Updated: 1/4/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:debian:debian_linux:9.0, cpe:/o:debian:debian_linux:8.0, p-cpe:/a:debian:debian_linux:apache2

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 6/22/2017

Reference Information

CVE: CVE-2017-3167, CVE-2017-3169, CVE-2017-7659, CVE-2017-7668, CVE-2017-7679

DSA: 3896