Intrusion Prevention

Apache.mod_proxy.Buffer.Overflow.8080

Description

This indicates a possible exploit of a heap based buffer overflow vulnerability in proxy_util.c for mod_proxy in Apache.
By supplying a specially crafted negative "Content-Length" value, a remote attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code on the system.

Affected Products

Trustix Secure Linux 1.5
Sun Solaris 9.0 _x86
Sun Solaris 9.0
Sun Solaris 8.0 _x86
Sun Solaris 8.0
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux 9.0
Slackware Linux 8.1
SGI ProPack 2.4
RedHat Linux 7.3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Enterprise Linux AS 2.1 IA64
RedHat Enterprise Linux AS 2.1
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
OpenBSD OpenBSD 3.5
OpenBSD OpenBSD 3.4
OpenBSD OpenBSD -current
IBM HTTP Server 1.3.28
IBM HTTP Server 1.3.26 .2
IBM HTTP Server 1.3.26 .1
IBM HTTP Server 1.3.26
HP Webproxy 2.1
+ HP HP-UX 11.0 4
HP Webproxy 2.0
+ HP HP-UX 11.0 4
HP Webproxy A.02.10
+ HP HP-UX B.11.04
HP Webproxy A.02.00
+ HP HP-UX B.11.04
HP VirtualVault 11.0.4
HP VirtualVault A.04.70
+ HP HP-UX B.11.04
HP VirtualVault A.04.60
+ HP HP-UX B.11.04
HP VirtualVault A.04.50
+ HP HP-UX B.11.04
HP HP-UX (VVOS) 11.0 4
HP HP-UX 11.22
HP HP-UX 11.20
HP HP-UX 11.11
HP HP-UX 11.0
HP HP-UX B.11.22
HP HP-UX B.11.11
HP HP-UX B.11.00
Apache Software Foundation Apache 1.3.32
+ Gentoo Linux 1.4
+ Gentoo Linux
Apache Software Foundation Apache 1.3.31
+ OpenPKG OpenPKG Current
Apache Software Foundation Apache 1.3.29
+ Apple Mac OS X 10.3.5
+ Apple Mac OS X 10.2.7
+ Apple Mac OS X Server 10.3.5
+ Apple Mac OS X Server 10.2.7
+ MandrakeSoft Linux Mandrake 10.0 AMD64
+ MandrakeSoft Linux Mandrake 10.0
+ OpenPKG OpenPKG 2.0
Apache Software Foundation Apache 1.3.28
+ Conectiva Linux 8.0
+ MandrakeSoft Linux Mandrake 9.2 amd64
+ MandrakeSoft Linux Mandrake 9.2
+ OpenBSD OpenBSD 3.4
+ OpenPKG OpenPKG 1.3
Apache Software Foundation Apache 1.3.27
+ HP HP-UX (VVOS) 11.0 4
+ HP VirtualVault 4.6
+ HP VirtualVault 4.5
+ HP Webproxy 2.0
+ Immunix Immunix OS 7+
+ MandrakeSoft Linux Mandrake 9.1 ppc
+ MandrakeSoft Linux Mandrake 9.1
+ OpenBSD OpenBSD 3.3
+ OpenPKG OpenPKG Current
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux AS 2.1 IA64
+ RedHat Enterprise Linux AS 2.1
+ RedHat Linux Advanced Work Station 2.1
+ SGI IRIX 6.5.19
Apache Software Foundation Apache 1.3.26
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Linux Mandrake 9.0
+ OpenPKG OpenPKG 1.1
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1

Impact

Arbitrary code execution.

Recommended Actions

Apply the patch for this vulnerability:
OpenBSD OpenBSD 3.5
* OpenBSD 013_httpd.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/013_httpd.patch
OpenBSD OpenBSD 3.4
* OpenBSD 025_httpd3.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/025_httpd3.patch
IBM HTTP Server 1.3.26
* IBM PQ89899_1.3.26_AIX
For AIX.
ftp://ftp.software.ibm.com/software/websphere/ihs/support/fixes/PQ8989 9/libproxy.so.PQ89899.1.3.26.AIX
* IBM PQ89899_1.3.26_HPUX
For HPUX.
ftp://ftp.software.ibm.com/software/websphere/ihs/support/fixes/PQ8989 9/libproxy.so.PQ89899.1.3.26.HPUX
* IBM PQ89899_1.3.26_Linux
For Linux.
ftp://ftp.software.ibm.com/software/websphere/ihs/support/fixes/PQ8989 9/libproxy.so.PQ89899.1.3.26.linux-i386
* IBM PQ89899_1.3.26_Solaris
For Solaris.
ftp://ftp.software.ibm.com/software/websphere/ihs/support/fixes/PQ8989 9/libproxy.so.PQ89899.1.3.26.solaris-sparc
* IBM PQ89899_1.3.26_Windows
For Windows.
ftp://ftp.software.ibm.com/software/websphere/ihs/support/fixes/PQ8989 9/ApacheModuleProxy.dll.PQ89899.1.3.26.windows
IBM HTTP Server 1.3.26 .2
* IBM PQ89899_1.3.26_AIX
For AIX.
ftp://ftp.software.ibm.com/software/websphere/ihs/support/fixes/PQ8989 9/libproxy.so.PQ89899.1.3.26.AIX
* IBM PQ89899_1.3.26_HPUX
For HPUX.
ftp://ftp.software.ibm.com/software/websphere/ihs/support/fixes/PQ8989 9/libproxy.so.PQ89899.1.3.26.HPUX
* IBM PQ89899_1.3.26_Linux
For Linux.
ftp://ftp.software.ibm.com/software/websphere/ihs/support/fixes/PQ8989 9/libproxy.so.PQ89899.1.3.26.linux-i386
* IBM PQ89899_1.3.26_Solaris
For Solaris.
ftp://ftp.software.ibm.com/software/websphere/ihs/support/fixes/PQ8989 9/libproxy.so.PQ89899.1.3.26.solaris-sparc
* IBM PQ89899_1.3.26_Windows
For Windows.
ftp://ftp.software.ibm.com/software/websphere/ihs/support/fixes/PQ8989 9/ApacheModuleProxy.dll.PQ89899.1.3.26.windows
IBM HTTP Server 1.3.26 .1
* IBM PQ89899_1.3.26_AIX
For AIX.
ftp://ftp.software.ibm.com/software/websphere/ihs/support/fixes/PQ8989 9/libproxy.so.PQ89899.1.3.26.AIX
* IBM PQ89899_1.3.26_HPUX
For HPUX.
ftp://ftp.software.ibm.com/software/websphere/ihs/support/fixes/PQ8989 9/libproxy.so.PQ89899.1.3.26.HPUX
* IBM PQ89899_1.3.26_Linux
For Linux.
ftp://ftp.software.ibm.com/software/websphere/ihs/support/fixes/PQ8989 9/libproxy.so.PQ89899.1.3.26.linux-i386
* IBM PQ89899_1.3.26_Solaris
For Solaris.
ftp://ftp.software.ibm.com/software/websphere/ihs/support/fixes/PQ8989 9/libproxy.so.PQ89899.1.3.26.solaris-sparc
* IBM PQ89899_1.3.26_Windows
For Windows.
ftp://ftp.software.ibm.com/software/websphere/ihs/support/fixes/PQ8989 9/ApacheModuleProxy.dll.PQ89899.1.3.26.windows
Apache Software Foundation Apache 1.3.26
* Apache Software Foundation apache_1.3.33.tar.gz
http://www.apache.org/dist/httpd/apache_1.3.33.tar.gz
* Debian apache-common_1.3.26-0woody5_alpha.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/a/apache/apache-common_1. 3.26-0woody5_alpha.deb
* Debian apache-common_1.3.26-0woody5_arm.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/a/apche/apache-common_1.3 .26-0woody5_arm.deb
* Debian apache-common_1.3.26-0woody5_hppa.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/a/apche/apache-common_1.3 .26-0woody5_hppa.deb
* Debian apache-common_1.3.26-0woody5_i386.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/a/apche/apache-common_1.3 .26-0woody5_i386.deb
* Debian apache-common_1.3.26-0woody5_ia64.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/a/apche/apache-common_1.3 .26-0woody5_ia64.deb
* Debian apache-common_1.3.26-0woody5_m68k.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/a/apche/apache-common_1.3 .26-0woody5_m68k.deb
* Debian apache-common_1.3.26-0woody5_mips.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/a/apche/apache-common_1.3 .26-0woody5_mips.deb
* Debian apache-common_1.3.26-0woody5_mipsel.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/a/apche/apache-common_1.3 .26-0woody5_mipsel.deb
* Debian apache-common_1.3.26-0woody5_powerpc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/a/apche/apache-common_1.3 .26-0woody5_powerpc.deb
* Debian apache-common_1.3.26-0woody5_s390.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/a/apche/apache-common_1.3 .26-0woody5_s390.deb
* Debian apache-common_1.3.26-0woody5_sparc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/a/apche/apache-common_1.3 .26-0woody5_sparc.deb
* Debian apache-dev_1.3.26-0woody5_alpha.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/a/apche/apache-dev_1.3.26 -0woody5_alpha.deb
* Debian apache-dev_1.3.26-0woody5_arm.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/a/apche/apache-dev_1.3.26 -0woody5_arm.deb
* Debian apache-dev_1.3.26-0woody5_hppa.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/a/apche/apache-dev_1.3.26 -0woody5_hppa.deb
* Debian apache-dev_1.3.26-0woody5_i386.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/a/apche/apache-dev_1.3.26 -0woody5_i386.deb
* Debian apache-dev_1.3.26-0woody5_ia64.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/a/apche/apache-dev_1.3.26 -0woody5_ia64.deb
* Debian apache-dev_1.3.26-0woody5_m68k.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/a/apche/apache-dev_1.3.26 -0woody5_m68k.deb
* Debian apache-dev_1.3.26-0woody5_mips.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/a/apche/apache-dev_1.3.26 -0woody5_mips.deb
* Debian apache-dev_1.3.26-0woody5_mipsel.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/a/apche/apache-dev_1.3.26 -0woody5_mipsel.deb
* Debian apache-dev_1.3.26-0woody5_powerpc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/a/apche/apache-dev_1.3.26 -0woody5_powerpc.deb
* Debian apache-dev_1.3.26-0woody5_s390.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/a/apche/apache-dev_1.3.26 -0woody5_s390.deb
* Debian apache-dev_1.3.26-0woody5_sparc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/a/apche/apache-dev_1.3.26 -0woody5_sparc.deb
* Debian apache-doc_1.3.26-0woody5_all.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/a/apache/apache-doc_1.3.2 6-0woody5_all.deb
* Debian apache_1.3.26-0woody5_alpha.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0w oody5_alpha.deb
* Debian apache_1.3.26-0woody5_arm.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/a/apche/apache_1.3.26-0wo ody5_arm.deb
* Debian apache_1.3.26-0woody5_hppa.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/a/apche/apache_1.3.26-0wo ody5_hppa.deb
* Debian apache_1.3.26-0woody5_i386.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/a/apche/apache_1.3.26-0wo ody5_i386.deb
* Debian apache_1.3.26-0woody5_ia64.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/a/apche/apache_1.3.26-0wo ody5_ia64.deb
* Debian apache_1.3.26-0woody5_m68k.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/a/apche/apache_1.3.26-0wo ody5_m68k.deb
* Debian apache_1.3.26-0woody5_mips.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/a/apche/apache_1.3.26-0wo ody5_mips.deb
* Debian apache_1.3.26-0woody5_mipsel.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/a/apche/apache_1.3.26-0wo ody5_mipsel.deb
* Debian apache_1.3.26-0woody5_powerpc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/a/apche/apache_1.3.26-0wo ody5_powerpc.deb
* Debian apache_1.3.26-0woody5_s390.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/a/apche/apache_1.3.26-0wo ody5_s390.deb
* Debian apache_1.3.26-0woody5_sparc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/a/apche/apache_1.3.26-0wo ody5_sparc.deb
* Mandrake apache-1.3.26-7.2.C21mdk.i586.rpm
Mandrake Corporate Server 2.1
http://www.mandrakesecure.net/en/ftp.php
* Mandrake apache-1.3.26-7.2.C21mdk.x86_64.rpm
Mandrake Corporate Server 2.1/X86_64
http://www.mandrakesecure.net/en/ftp.php
* Mandrake apache-common-1.3.26-7.2.C21mdk.i586.rpm
Mandrake Corporate Server 2.1
http://www.mandrakesecure.net/en/ftp.php
* Mandrake apache-common-1.3.26-7.2.C21mdk.x86_64.rpm
Mandrake Corporate Server 2.1/X86_64
http://www.mandrakesecure.net/en/ftp.php
* Mandrake apache-devel-1.3.26-7.2.C21mdk.i586.rpm
Mandrake Corporate Server 2.1
http://www.mandrakesecure.net/en/ftp.php
* Mandrake apache-devel-1.3.26-7.2.C21mdk.x86_64.rpm
Mandrake Corporate Server 2.1/X86_64
http://www.mandrakesecure.net/en/ftp.php
* Mandrake apache-manual-1.3.26-7.2.C21mdk.i586.rpm
Mandrake Corporate Server 2.1
http://www.mandrakesecure.net/en/ftp.php
* Mandrake apache-manual-1.3.26-7.2.C21mdk.x86_64.rpm
Mandrake Corporate Server 2.1/X86_64
http://www.mandrakesecure.net/en/ftp.php
* Mandrake apache-modules-1.3.26-7.2.C21mdk.i586.rpm
Mandrake Corporate Server 2.1
http://www.mandrakesecure.net/en/ftp.php
* Mandrake apache-modules-1.3.26-7.2.C21mdk.x86_64.rpm
Mandrake Corporate Server 2.1/X86_64
http://www.mandrakesecure.net/en/ftp.php
* Mandrake apache-source-1.3.26-7.2.C21mdk.i586.rpm
Mandrake Corporate Server 2.1
http://www.mandrakesecure.net/en/ftp.php
* Mandrake apache-source-1.3.26-7.2.C21mdk.x86_64.rpm
Mandrake Corporate Server 2.1/X86_64
http://www.mandrakesecure.net/en/ftp.php
* Slackware apache-1.3.32-i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/a pache-1.3.32-i386-1.tgz
* TurboLinux apache-1.3.27-26.i586.rpm
TurboLinux Server 8
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/upd ates/RPMS/apache-1.3.27-26.i586.rpm
* TurboLinux apache-devel-1.3.27-26.i586.rpm
TurboLinux Server 8
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/upd ates/RPMS/apache-devel-1.3.27-26.i586.rpm
* TurboLinux apache-manual-1.3.27-26.i586.rpm
TurboLinux Server 8
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/upd ates/RPMS/apache-manual-1.3.27-26.i586.rpm
* TurboLinux mod_ssl-2.8.14-26.i586.rpm
TurboLinux Server 8
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/upd ates/RPMS/mod_ssl-2.8.14-26.i586.rpm
Apache Software Foundation Apache 1.3.27
* Apache Software Foundation apache_1.3.33.tar.gz
http://www.apache.org/dist/httpd/apache_1.3.33.tar.gz
* Mandrake apache-1.3.27-8.3.91mdk.i586.rpm
Mandrake Linux 9.1
http://www.mandrakesecure.net/en/ftp.php
* Mandrake apache-1.3.27-8.3.91mdk.ppc.rpm
Mandrake Linux 9.1/PPC
http://www.mandrakesecure.net/en/ftp.php
* Mandrake apache-devel-1.3.27-8.3.91mdk.i586.rpm
Mandrake Linux 9.1
http://www.mandrakesecure.net/en/ftp.php
* Mandrake apache-devel-1.3.27-8.3.91mdk.ppc.rpm
Mandrake Linux 9.1/PPC
http://www.mandrakesecure.net/en/ftp.php
* Mandrake apache-modules-1.3.27-8.3.91mdk.i586.rpm
Mandrake Linux 9.1
http://www.mandrakesecure.net/en/ftp.php
* Mandrake apache-modules-1.3.27-8.3.91mdk.ppc.rpm
Mandrake Linux 9.1/PPC
http://www.mandrakesecure.net/en/ftp.php
* Mandrake apache-source-1.3.27-8.3.91mdk.i586.rpm
Mandrake Linux 9.1
http://www.mandrakesecure.net/en/ftp.php
* Mandrake apache-source-1.3.27-8.3.91mdk.ppc.rpm
Mandrake Linux 9.1/PPC
http://www.mandrakesecure.net/en/ftp.php
* RedHat apache-1.3.27-5.legacy.i386.rpm
RedHat Linux 7.3
http://download.fedoralegacy.org/redhat/7.3/updates/i386/apache-1.3.27 -5.legacy.i386.rpm
* RedHat apache-devel-1.3.27-5.legacy.i386.rpm
RedHat Linux 7.3
http://download.fedoralegacy.org/redhat/7.3/updates/i386/apache-devel- 1.3.27-5.legacy.i386.rpm
* RedHat apache-manual-1.3.27-5.legacy.i386.rpm
RedHat Linux 7.3
http://download.fedoralegacy.org/redhat/7.3/updates/i386/apache-manual -1.3.27-5.legacy.i386.rpm
* Slackware apache-1.3.32-i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/a pache-1.3.32-i386-1.tgz
IBM HTTP Server 1.3.28
* IBM PQ89899_1.3.28_AIX
For AIX.
ftp://ftp.software.ibm.com/software/websphere/ihs/support/fixes/PQ8989 9/libproxy.so.PQ89899.1.3.28.AIX
* IBM PQ89899_1.3.28_HPUX
For HPUX.
ftp://ftp.software.ibm.com/software/websphere/ihs/support/fixes/PQ8989 9/libproxy.so.PQ89899.1.3.28.HPUX
* IBM PQ89899_1.3.28_Linux
For Linux.
ftp://ftp.software.ibm.com/software/websphere/ihs/support/fixes/PQ8989 9/libproxy.so.PQ89899.1.3.28.linux-i386
* IBM PQ89899_1.3.28_Solaris
For Solaris.
ftp://ftp.software.ibm.com/software/websphere/ihs/support/fixes/PQ8989 9/libproxy.so.PQ89899.1.3.28.solaris-sparc
* IBM PQ89899_1.3.28_Windows
For Windows.
ftp://ftp.software.ibm.com/software/websphere/ihs/support/fixes/PQ8989 9/ApacheModuleProxy.dll.PQ89899.1.3.28.windows
Apache Software Foundation Apache 1.3.28
* Apache Software Foundation apache_1.3.33.tar.gz
http://www.apache.org/dist/httpd/apache_1.3.33.tar.gz
* Mandrake apache-1.3.28-3.3.92mdk.amd64.rpm
Mandrake Linux 9.2/AMD64
http://www.mandrakesecure.net/en/ftp.php
* Mandrake apache-1.3.28-3.3.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php
* Mandrake apache-devel-1.3.28-3.3.92mdk.amd64.rpm
Mandrake Linux 9.2/AMD64
http://www.mandrakesecure.net/en/ftp.php
* Mandrake apache-devel-1.3.28-3.3.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php
* Mandrake apache-modules-1.3.28-3.3.92mdk.amd64.rpm
Mandrake Linux 9.2/AMD64
http://www.mandrakesecure.net/en/ftp.php
* Mandrake apache-modules-1.3.28-3.3.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php
* Mandrake apache-source-1.3.28-3.3.92mdk.amd64.rpm
Mandrake Linux 9.2/AMD64
http://www.mandrakesecure.net/en/ftp.php
* Mandrake apache-source-1.3.28-3.3.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php
* Slackware apache-1.3.32-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/a pache-1.3.32-i486-1.tgz
Apache Software Foundation Apache 1.3.29
* Apache Software Foundation apache_1.3.33.tar.gz
http://www.apache.org/dist/httpd/apache_1.3.33.tar.gz
* Apple SecUpd2004-12-02Jag.dmg
For Mac OS X v10.2.8:
http://www.apple.com/support/downloads/SecUpd2004-12-02Jag.dmg
* Apple SecUpd2004-12-02Pan.dmg
For Mac OS X v10.3.6:
http://www.apple.com/support/downloads/SecUpd2004-12-02Pan.dmg
* Apple SecUpdSrvr2004-12-02Jag.dmg
For Mac OS X Server v10.2.8:
http://www.apple.com/support/downloads/SecUpdSrvr2004-12-02Jag.dmg
* Apple SecUpdSrvr2004-12-02Pan.dmg
For Mac OS X Server v10.3.6:
http://www.apple.com/support/downloads/SecUpdSrvr2004-12-02Pan.dmg
* Mandrake apache-1.3.29-1.2.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php
* Mandrake apache-1.3.29-1.2.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php
* Mandrake apache-devel-1.3.29-1.2.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php
* Mandrake apache-devel-1.3.29-1.2.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php
* Mandrake apache-modules-1.3.29-1.2.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php
* Mandrake apache-modules-1.3.29-1.2.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php
* Mandrake apache-source-1.3.29-1.2.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php
* Mandrake apache-source-1.3.29-1.2.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php
* OpenPKG apache-1.3.29-2.0.3.src.rpm
ftp://ftp.openpkg.org/release/2.0/UPD/apache-1.3.29-2.0.3.src.rpm
Apache Software Foundation Apache 1.3.31
* Apache Software Foundation CAN-2004-0492.patch
http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=108687304202140&q=p 3
* Apache Software Foundation apache_1.3.33.tar.gz
http://www.apache.org/dist/httpd/apache_1.3.33.tar.gz
* Slackware apache-1.3.32-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/ apache-1.3.32-i486-1.tgz
* Trustix apache-1.3.33-1tr.i586.rpm
Trustix Secure Linux 1.5
ftp://ftp.trustix.org/pub/trustix/updates/
SGI ProPack 2.4
* SGI patch10084.tar.gz
ftp://patches.sgi.com/support/free/security/patches/ProPack/2.4/patch1 0084.tar.gz
Sun Solaris 9.0
* Sun 113146-05
http://sunsolve.sun.com/search/pdownload.pl?target=113146-05&method=hs
Sun Solaris 9.0 _x86
* Sun 114145-04
http://sunsolve.sun.com/search/pdownload.pl?target=114145-04&method=hs

CVE References

CVE-2004-0492