FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Apache 1.3 IP address access control failure on some 64-bit platforms

Affected packages
apache < 1.3.29_2
apache+mod_ssl < 1.3.29+2.8.16_1
apache+ssl < 1.3.29.1.53_1
ru-apache < 1.3.29+30.19_1
ru-apache+mod_ssl < 1.3.29+30.19+2.8.16_1

Details

VuXML ID 09d418db-70fd-11d8-873f-0020ed76ef5a
Discovery 2004-03-07
Entry 2004-03-08
Modified 2004-03-12

Henning Brauer discovered a programming error in Apache 1.3's mod_access that results in the netmasks in IP address access control rules being interpreted incorrectly on 64-bit, big-endian platforms. In some cases, this could cause a `deny from' IP address access control rule including a netmask to fail.

References

Bugtraq ID 9829
CVE Name CVE-2003-0993
Message http://marc.theaimsgroup.com/?l=apache-cvs&m=107869603013722
URL http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/modules/standard/mod_access.c?r1=1.46&r2=1.47
URL http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23850
URL http://www.apacheweek.com/features/security-13

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.