In association with heise online

07 March 2007, 12:11

Ubuntu closes old hole in the Apache module mod_python


By exploiting a vulnerability in the Apache2 module mod_python, attackers may be able to gain access to sensitive data on the server. The bug lies in the module's output filter, which accesses and displays freed memory when too much data has to be processed (more than 16,384).

Although this problem has been known since April 2004, it seems that not everybody has realized its significance. In a current security advisory, Ubuntu thanks Jim Garrison from the Software Freedom Law Center for having recognized the security risk posed by the bug. New Ubuntu packages will now, finally, fix the bug.

The problem has also been reported as a "new" issue in the issue tracking system of the rPath distribution, although the report refers to the old patch. According to rPath, a solution for the problem will be available from March 15. It is not known which other Linux distributors are also affected.

Although a CVE entry already suspects that security problems might arise, it is unclear why it took nearly three years to confirm the problem; nor is it clear why the patch, whether security-relevant or not, was not integrated into the official version before version 3.1.4.
