Release Date: Apr 22, 2010
Severity: high
Impact: Remote attackers can compromise and gain control of vulnerable systems.
Description: This indicates an attack attempt against a memory-corruption vulnerability in the Apache HTTP server. The vulnerability is due to an error in the mod_isapi module when it handles a malicious POST request followed by a RST packet. It may allow remote attackers to execute arbitrary code by sending crafted HTTP POST requests.
Affected Products:
- Slackware Linux x86_64 -current
- Slackware Linux 13.0 x86_64
- Slackware Linux 13.0
- Slackware Linux 12.2
- Slackware Linux 12.1
- Slackware Linux 12.0
- Slackware Linux -current
- IBM HTTP Server 6.1.0
- Apache Software Foundation Apache 2.2.14
- Apache Software Foundation Apache 2.2.13
- Apache Software Foundation Apache 2.2.12
- Apache Software Foundation Apache 2.2.11
- Apache Software Foundation Apache 2.2.10
- Apache Software Foundation Apache 2.2.9
- Apache Software Foundation Apache 2.2.8
- Apache Software Foundation Apache 2.2.6
- Apache Software Foundation Apache 2.2.5
- Apache Software Foundation Apache 2.2.4
- Apache Software Foundation Apache 2.2.3
- Apache Software Foundation Apache 2.2.2
- Apache Software Foundation Apache 2.2.0
- Apache Software Foundation Apache 2.0.63
- Apache Software Foundation Apache 2.0.59
- Apache Software Foundation Apache 2.0.56-dev
- Apache Software Foundation Apache 2.0.55
- Apache Software Foundation Apache 2.0.54
- Apache Software Foundation Apache 2.0.53
- Apache Software Foundation Apache 2.0.52
- Apache Software Foundation Apache 2.0.51
- Apache Software Foundation Apache 2.0.50
- Apache Software Foundation Apache 2.0.49
- Apache Software Foundation Apache 2.0.48
- Apache Software Foundation Apache 2.0.47
- Apache Software Foundation Apache 2.0.46
- Apache Software Foundation Apache 2.0.45
- Apache Software Foundation Apache 2.0.44
- Apache Software Foundation Apache 2.0.43
- Apache Software Foundation Apache 2.0.42
- Apache Software Foundation Apache 2.0.41
- Apache Software Foundation Apache 2.0.40
- Apache Software Foundation Apache 2.0.39
- Apache Software Foundation Apache 2.0.38
- Apache Software Foundation Apache 2.0.37
- Apache Software Foundation Apache 2.2.7-dev
- Apache Software Foundation Apache 2.2.6-dev
- Apache Software Foundation Apache 2.2.5-dev
- Apache Software Foundation Apache 2.2.1
- Apache Software Foundation Apache 2.2
- Apache Software Foundation Apache 2.0.62-dev
- Apache Software Foundation Apache 2.0.61-dev
- Apache Software Foundation Apache 2.0.60-dev
- Apache Software Foundation Apache 2.0.58
- Apache Software Foundation Apache 2.0.57
Recommended Actions: Apply the appropriate patch, available from the following web sites:
- Slackware Linux x86_64 -current: Slackware httpd-2.2.15-x86_64-1.txz
  ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.2.15-x86_64-1.txz
- Slackware Linux 12.0: Slackware httpd-2.2.15-i486-1_slack12.0.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/httpd-2.2.15-i486-1_slack12.0.tgz
- Slackware Linux -current: Slackware httpd-2.2.15-i486-1.txz
  ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.2.15-i486-1.txz
- Slackware Linux 12.2: Slackware httpd-2.2.15-i486-1_slack12.2.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/httpd-2.2.15-i486-1_slack12.2.tgz
- Slackware Linux 13.0 x86_64: Slackware httpd-2.2.15-x86_64-1_slack13.0.txz
  ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/httpd-2.2.15-x86_64-1_slack13.0.txz
- Slackware Linux 12.1: Slackware httpd-2.2.15-i486-1_slack12.1.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/httpd-2.2.15-i486-1_slack12.1.tgz
- Slackware Linux 13.0: Slackware httpd-2.2.15-i486-1_slack13.0.txz
  ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/httpd-2.2.15-i486-1_slack13.0.txz
Coverage: IPS, VCM
Common Vulnerabilities and Exposures (CVE): CVE-2010-0425
References:
- http://www.senseofsecurity.com.au/advisories/SOS-10-002
- http://www.exploit-db.com/exploits/11650
- http://www.securityfocus.com/bid/38494 (BugTraq)