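Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
Published: 2002-03-28
Updated: 2002-03-28
Severity: Low
Threat: Spoofing
Error type: Design error
Exploitation: Server mode
BUGTRAQ ID: 4358

Affected systems
Apache Group Apache 1.3.9win32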
Apache Group Apache 1.3.9
+ Debian Linux 2.2
+ Debian Linux 2.2 68k
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 sparc
- Sun Solaris 8.0
- Sun Solaris 8.0_x86
Apache Group Apache 1.3.11win32
Apache Group Apache 1.3.11
Apache Group Apache 1.3.12win32
- Microsoft Windows 2000 Workstation 0.0
- Microsoft Windows 2000 Workstation 0.0SP1
- Microsoft Windows 2000 Workstation 0.0SP2
- Microsoft Windows 95 0.0
- Microsoft Windows 98 0.0
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP1
- Microsoft Windows NT 4.0SP2
- Microsoft Windows NT 4.0SP3
- Microsoft Windows NT 4.0SP4
- Microsoft Windows NT 4.0SP5
- Microsoft Windows NT 4.0SP6
- Microsoft Windows NT 4.0SP6a
Apache Group Apache 1.3.12
Apache Group Apache 1.3.13win32
Apache Group Apache 1.3.14win32
- Microsoft Windows 2000 Workstation 0.0
- Microsoft Windows 2000 Workstation 0.0SP1
- Microsoft Windows 2000 Workstation 0.0SP2
- Microsoft Windows 95 0.0
- Microsoft Windows 98 0.0
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP1
- Microsoft Windows NT 4.0SP2
- Microsoft Windows NT 4.0SP3
- Microsoft Windows NT 4.0SP4
- Microsoft Windows NT 4.0SP5
- Microsoft Windows NT 4.0SP6
- Microsoft Windows NT 4.0SP6a
Apache Group Apache 1.3.14
Apache Group Apache 1.3.15win32
- Microsoft Windows 2000 Workstation 0.0
- Microsoft Windows 2000 Workstation 0.0SP1
- Microsoft Windows 2000 Workstation 0.0SP2
- Microsoft Windows 95 0.0
- Microsoft Windows 98 0.0
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP1
- Microsoft Windows NT 4.0SP2
- Microsoft Windows NT 4.0SP3
- Microsoft Windows NT 4.0SP4
- Microsoft Windows NT 4.0SP5
- Microsoft Windows NT 4.0SP6
- Microsoft Windows NT 4.0SP6a
Apache Group Apache 1.3.16win32
- Microsoft Windows 2000 Workstation 0.0
- Microsoft Windows 2000 Workstation 0.0SP1
- Microsoft Windows 2000 Workstation 0.0SP2
- Microsoft Windows 95 0.0
- Microsoft Windows 98 0.0
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP1
- Microsoft Windows NT 4.0SP2
- Microsoft Windows NT 4.0SP3
- Microsoft Windows NT 4.0SP4
- Microsoft Windows NT 4.0SP5
- Microsoft Windows NT 4.0SP6
- Microsoft Windows NT 4.0SP6a
Apache Group Apache 1.3.17win32
- Microsoft Windows 2000 Workstation 0.0
- Microsoft Windows 2000 Workstation 0.0SP1
- Microsoft Windows 2000 Workstation 0.0SP2
- Microsoft Windows 95 0.0
- Microsoft Windows 98 0.0
- Microsoft Windows 98SE 0.0
- Microsoft Windows ME 0.0
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP1
- Microsoft Windows NT 4.0SP2
- Microsoft Windows NT 4.0SP3
- Microsoft Windows NT 4.0SP4
- Microsoft Windows NT 4.0SP5
- Microsoft Windows NT 4.0SP6
- Microsoft Windows NT 4.0SP6a
Apache Group Apache 1.3.17
Apache Group Apache 1.3.18win32
- Microsoft Windows 2000 Workstation 0.0
- Microsoft Windows 2000 Workstation 0.0SP1
- Microsoft Windows 2000 Workstation 0.0SP2
- Microsoft Windows 95 0.0
- Microsoft Windows 98 0.0
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP1
- Microsoft Windows NT 4.0SP2
- Microsoft Windows NT 4.0SP3
- Microsoft Windows NT 4.0SP4
- Microsoft Windows NT 4.0SP5
- Microsoft Windows NT 4.0SP6
- Microsoft Windows NT 4.0SP6a
Apache Group Apache 1.3.18
Apache Group Apache 1.3.19win32
- Microsoft Windows 2000 Workstation 0.0
- Microsoft Windows 2000 Workstation 0.0SP1
- Microsoft Windows 2000 Workstation 0.0SP2
- Microsoft Windows 95 0.0
- Microsoft Windows 98 0.0
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP1
- Microsoft Windows NT 4.0SP2
- Microsoft Windows NT 4.0SP3
- Microsoft Windows NT 4.0SP4
- Microsoft Windows NT 4.0SP5
- Microsoft Windows NT 4.0SP6
- Microsoft Windows NT 4.0SP6a
Apache Group Apache 1.3.19
- Apple MacOS X 10.0.3
- Caldera eDesktop 2.4
- Caldera eServer 2.3.1
- Caldera OpenLinux 2.4
+ Debian Linux 2.3
- Digital (Compaq) TRU64/DIGITAL UNIX 4.0f
- Digital (Compaq) TRU64/DIGITAL UNIX 4.0g
- Digital (Compaq) TRU64/DIGITAL UNIX 5.0
- FreeBSD FreeBSD 3.5.1
- FreeBSD FreeBSD 4.2
- HP HP-UX 10.20
- HP HP-UX 11.0
- HP HP-UX 11.11
+ HP Secure OS software for Linux 1.0
- MandrakeSoft Linux Mandrake 7.1
- MandrakeSoft Linux Mandrake 7.2
- MandrakeSoft Linux Mandrake 8.0
+ MandrakeSoft Linux Mandrake 8.1
- NetBSD NetBSD 1.5
- NetBSD NetBSD 1.5.1
- OpenBSD OpenBSD 2.8
- OpenBSD OpenBSD 2.9
- RedHat Linux 6.2
- RedHat Linux 7.0
- RedHat Linux 7.1
- S.u.S.E. Linux 6.4
- S.u.S.E. Linux 7.0
- S.u.S.E. Linux 7.1
- SGI IRIX 6.5.8
- SGI IRIX 6.5.9
- Sun Solaris 7.0
- Sun Solaris 8.0
Apache Group Apache 1.3.20win32
- Microsoft Windows 2000 Workstation 0.0
- Microsoft Windows 2000 Workstation 0.0SP1
- Microsoft Windows 2000 Workstation 0.0SP2
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP1
- Microsoft Windows NT 4.0SP2
- Microsoft Windows NT 4.0SP3
- Microsoft Windows NT 4.0SP4
- Microsoft Windows NT 4.0SP5
- Microsoft Windows NT 4.0SP6
- Microsoft Windows NT 4.0SP6a
Apache Group Apache 1.3.20
Apache Group Apache 1.3.22win32
- Microsoft Windows 2000 Advanced Server 0.0
- Microsoft Windows 2000 Advanced Server 0.0SP1
- Microsoft Windows 2000 Advanced Server 0.0SP2
- Microsoft Windows 2000 Datacenter Server 0.0
- Microsoft Windows 2000 Datacenter Server 0.0SP1
- Microsoft Windows 2000 Datacenter Server 0.0SP2
- Microsoft Windows 2000 Professional 0.0
- Microsoft Windows 2000 Professional 0.0SP1
- Microsoft Windows 2000 Professional 0.0SP2
- Microsoft Windows 2000 Server 0.0
- Microsoft Windows 2000 Server 0.0SP1
- Microsoft Windows 2000 Server 0.0SP2
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Enterprise Server 4.0SP1
- Microsoft Windows NT Enterprise Server 4.0SP2
- Microsoft Windows NT Enterprise Server 4.0SP3
- Microsoft Windows NT Enterprise Server 4.0SP4
- Microsoft Windows NT Enterprise Server 4.0SP5
- Microsoft Windows NT Enterprise Server 4.0SP6
- Microsoft Windows NT Enterprise Server 4.0SP6a
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0SP1
- Microsoft Windows NT Server 4.0SP2
- Microsoft Windows NT Server 4.0SP3
- Microsoft Windows NT Server 4.0SP4
- Microsoft Windows NT Server 4.0SP5
- Microsoft Windows NT Server 4.0SP6
- Microsoft Windows NT Server 4.0SP6a
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Terminal Server 4.0SP1
- Microsoft Windows NT Terminal Server 4.0SP2
- Microsoft Windows NT Terminal Server 4.0SP3
- Microsoft Windows NT Terminal Server 4.0SP4
- Microsoft Windows NT Terminal Server 4.0SP5
- Microsoft Windows NT Terminal Server 4.0SP6
- Microsoft Windows NT Terminal Server 4.0SP6a
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Workstation 4.0SP1
- Microsoft Windows NT Workstation 4.0SP2
- Microsoft Windows NT Workstation 4.0SP3
- Microsoft Windows NT Workstation 4.0SP4
- Microsoft Windows NT Workstation 4.0SP5
- Microsoft Windows NT Workstation 4.0SP6
- Microsoft Windows NT Workstation 4.0SP6a
- Microsoft Windows XP Home 0.0
- Microsoft Windows XP Professional 0.0
Apache Group Apache 1.3.22
- MandrakeSoft Corporate Server 1.0.1
- MandrakeSoft Linux Mandrake 7.1
- MandrakeSoft Linux Mandrake 7.2
- MandrakeSoft Linux Mandrake 8.0
- MandrakeSoft Linux Mandrake 8.0 ppc
- MandrakeSoft Linux Mandrake 8.1
Apache Group Apache 1.3.23win32
- Microsoft Windows 2000 Advanced Server 0.0
- Microsoft Windows 2000 Advanced Server 0.0SP1
- Microsoft Windows 2000 Advanced Server 0.0SP2
- Microsoft Windows 2000 Datacenter Server 0.0
- Microsoft Windows 2000 Datacenter Server 0.0SP1
- Microsoft Windows 2000 Datacenter Server 0.0SP2
- Microsoft Windows 2000 Professional 0.0
- Microsoft Windows 2000 Professional 0.0SP1
- Microsoft Windows 2000 Professional 0.0SP2
- Microsoft Windows 2000 Server 0.0
- Microsoft Windows 2000 Server 0.0SP1
- Microsoft Windows 2000 Server 0.0SP2
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Enterprise Server 4.0SP1
- Microsoft Windows NT Enterprise Server 4.0SP2
- Microsoft Windows NT Enterprise Server 4.0SP3
- Microsoft Windows NT Enterprise Server 4.0SP4
- Microsoft Windows NT Enterprise Server 4.0SP5
- Microsoft Windows NT Enterprise Server 4.0SP6
- Microsoft Windows NT Enterprise Server 4.0SP6a
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0SP1
- Microsoft Windows NT Server 4.0SP2
- Microsoft Windows NT Server 4.0SP3
- Microsoft Windows NT Server 4.0SP4
- Microsoft Windows NT Server 4.0SP5
- Microsoft Windows NT Server 4.0SP6
- Microsoft Windows NT Server 4.0SP6a
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Terminal Server 4.0SP1
- Microsoft Windows NT Terminal Server 4.0SP2
- Microsoft Windows NT Terminal Server 4.0SP3
- Microsoft Windows NT Terminal Server 4.0SP4
- Microsoft Windows NT Terminal Server 4.0SP5
- Microsoft Windows NT Terminal Server 4.0SP6
- Microsoft Windows NT Terminal Server 4.0SP6a
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Workstation 4.0SP1
- Microsoft Windows NT Workstation 4.0SP2
- Microsoft Windows NT Workstation 4.0SP3
- Microsoft Windows NT Workstation 4.0SP4
- Microsoft Windows NT Workstation 4.0SP5
- Microsoft Windows NT Workstation 4.0SP6
- Microsoft Windows NT Workstation 4.0SP6a
- Microsoft Windows XP Home 0.0
- Microsoft Windows XP Professional 0.0
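Apache Group Apache 1.3.23

Detailed description
Apache is a free, popular web server.
Under some circumstances, Apache can log invalid hostname information. If a double-reverse DNS lookup is performed but fails, the invalid hostname appears in the log; for example, this happens when the hostname cannot be correctly resolved to the IP address during the double-reverse lookup.
An attacker can exploit this vulnerability to conceal information.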
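
The check that a double-reverse lookup is meant to enforce, as an added example (not code from Apache or from this advisory): a reverse-resolved name is written to the log only when its forward lookup returns the client address, and existing records are audited against the same rule. The resolver tables, addresses, hostnames and the (address, logged host) record layout are constructed assumptions.

```python
# Added illustration: forward-confirmed reverse DNS (double-reverse lookup).
# The resolver tables and log records below are constructed sample data.
import socket

def system_reverse(ip):
    """PTR lookup via the system resolver; None on failure."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """A/AAAA lookup via the system resolver; empty set on failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def host_for_log(ip, reverse=system_reverse, forward=system_forward):
    """Return the PTR name only if it resolves back to ip, else the IP itself."""
    name = reverse(ip)
    if name and ip in forward(name):
        return name.lower()
    return ip  # lookup failed or name is unconfirmed: never log the name

def audit(records, reverse=system_reverse, forward=system_forward):
    """Yield (ip, logged_host) pairs whose logged hostname is not confirmed."""
    for ip, logged_host in records:
        trusted = host_for_log(ip, reverse, forward)
        if logged_host.lower() not in (ip, trusted):
            yield ip, logged_host

# Constructed resolver data: the PTR record for 203.0.113.7 claims a name
# whose forward record points to a different address.
PTR = {"198.51.100.10": "crawler.example.net", "203.0.113.7": "www.example.org"}
A = {"crawler.example.net": {"198.51.100.10"}, "www.example.org": {"192.0.2.80"}}
fake_reverse = PTR.get
fake_forward = lambda name: A.get(name, set())

# Constructed (client address, logged host field) pairs.
RECORDS = [
    ("198.51.100.10", "crawler.example.net"),
    ("203.0.113.7", "www.example.org"),
    ("192.0.2.55", "192.0.2.55"),
]

if __name__ == "__main__":
    for ip, host in audit(RECORDS, fake_reverse, fake_forward):
        print(f"unconfirmed hostname {host!r} logged for {ip}")
```
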
Test code
None available yet.

Solution
Upgrade:
Apache Group Apache 1.3.9win32:
Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/
Apache Group Apache 1.3.9:
Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/
Apache Group Apache 1.3.11win32:
Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/
Apache Group Apache 1.3.11:
Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/
Apache Group Apache 1.3.12win32:
Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/
Apache Group Apache 1.3.12:
Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/
Apache Group Apache 1.3.13win32:
Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/
Apache Group Apache 1.3.14win32:
Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/
Apache Group Apache 1.3.14:
Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/
Apache Group Apache 1.3.15win32:
Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/
Apache Group Apache 1.3.16win32:
Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/
Apache Group Apache 1.3.17win32:
Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/
Apache Group Apache 1.3.17:
Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/
Apache Group Apache 1.3.18win32:
Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/
Apache Group Apache 1.3.18:
Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/
Apache Group Apache 1.3.19win32:
Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/
Apache Group Apache 1.3.19:
Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/
Apache Group Apache 1.3.20win32:
Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/
Apache Group Apache 1.3.20:
Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/
Apache Group Apache 1.3.22win32:
Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/
Apache Group Apache 1.3.22:
Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/
Apache Group Apache 1.3.23win32:
Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/
Apache Group Apache 1.3.23:
Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/
Related information
Related homepage: http://www.apache.org/