Scientific Linux Security Update : httpd on SL7.x x86_64 (20150305)

medium Nessus Plugin ID 82252

Synopsis

The remote Scientific Linux host is missing one or more security updates.

Description

A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header restrictions defined with mod_headers.
(CVE-2013-5704)

A NULL pointer dereference flaw was found in the way the mod_cache httpd module handled Content-Type headers. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP server was configured to proxy to a server with caching enabled.
(CVE-2014-3581)

This update also fixes the following bugs :

- Previously, the mod_proxy_fcgi Apache module always kept the back-end connections open even when they should have been closed. As a consequence, the number of open file descriptors was increasing over the time. With this update, mod_proxy_fcgi has been fixed to check the state of the back- end connections, and it closes the idle back-end connections as expected.

- An integer overflow occurred in the ab utility when a large request count was used. Consequently, ab terminated unexpectedly with a segmentation fault while printing statistics after the benchmark. This bug has been fixed, and ab no longer crashes in this scenario.

- Previously, when httpd was running in the foreground and the user pressed Ctrl+C to interrupt the httpd processes, a race condition in signal handling occurred.
The SIGINT signal was sent to all children followed by SIGTERM from the main process, which interrupted the SIGINT handler. Consequently, the affected processes became unresponsive or terminated unexpectedly. With this update, the SIGINT signals in the child processes are ignored, and httpd no longer hangs or crashes in this scenario.

In addition, this update adds the following enhancements :

- With this update, the mod_proxy module of the Apache HTTP Server supports the Unix Domain Sockets (UDS). This allows mod_proxy back ends to listen on UDS sockets instead of TCP sockets, and as a result, mod_proxy can be used to connect UDS back ends.

- This update adds support for using the SetHandler directive together with the mod_proxy module. As a result, it is possible to configure SetHandler to use proxy for incoming requests, for example, in the following format: SetHandler 'proxy:fcgi://127.0.0.1:9000'.

- The htaccess API changes introduced in httpd 2.4.7 have been backported to httpd shipped with Scientific Linux 7.1. These changes allow for the MPM-ITK module to be compiled as an httpd module.

After installing the updated packages, the httpd daemon will be restarted automatically.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?6347ee52

Plugin Details

Severity: Medium

ID: 82252

File Name: sl_20150305_httpd_on_SL7_x.nasl

Version: 1.8

Type: local

Agent: unix

Published: 3/26/2015

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:fermilab:scientific_linux:mod_ssl, x-cpe:/o:fermilab:scientific_linux, p-cpe:/a:fermilab:scientific_linux:httpd, p-cpe:/a:fermilab:scientific_linux:httpd-debuginfo, p-cpe:/a:fermilab:scientific_linux:httpd-devel, p-cpe:/a:fermilab:scientific_linux:httpd-manual, p-cpe:/a:fermilab:scientific_linux:httpd-tools, p-cpe:/a:fermilab:scientific_linux:mod_ldap, p-cpe:/a:fermilab:scientific_linux:mod_proxy_html, p-cpe:/a:fermilab:scientific_linux:mod_session

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 3/5/2015

Vulnerability Publication Date: 4/15/2014

Reference Information

CVE: CVE-2013-5704, CVE-2014-3581