Intrusion Prevention

Apache.mod_isapi.Dangling.Pointer.Code.Execution

Description

This indicates an attack attempt against a memory-corruption vulnerability in the Apache HTTP Server.
The vulnerability is caused by an error in how the mod_isapi module handles a malicious POST request that is followed by an RST packet. It may allow remote attackers to execute arbitrary code by sending crafted HTTP POST requests.

Affected Products

Slackware Linux x86_64 -current
Slackware Linux 13.0 x86_64
Slackware Linux 13.0
Slackware Linux 12.2
Slackware Linux 12.1
Slackware Linux 12.0
Slackware Linux -current
IBM HTTP Server 6.1.0
Apache Software Foundation Apache 2.2.14
Apache Software Foundation Apache 2.2.13
Apache Software Foundation Apache 2.2.12
Apache Software Foundation Apache 2.2.11
Apache Software Foundation Apache 2.2.10
Apache Software Foundation Apache 2.2.9
Apache Software Foundation Apache 2.2.8
Apache Software Foundation Apache 2.2.6
Apache Software Foundation Apache 2.2.5
Apache Software Foundation Apache 2.2.4
Apache Software Foundation Apache 2.2.3
Apache Software Foundation Apache 2.2.2
Apache Software Foundation Apache 2.2.0
Apache Software Foundation Apache 2.0.63
Apache Software Foundation Apache 2.0.59
Apache Software Foundation Apache 2.0.56 -dev
Apache Software Foundation Apache 2.0.55
Apache Software Foundation Apache 2.0.54
Apache Software Foundation Apache 2.0.53
Apache Software Foundation Apache 2.0.52
Apache Software Foundation Apache 2.0.51
Apache Software Foundation Apache 2.0.50
Apache Software Foundation Apache 2.0.49
Apache Software Foundation Apache 2.0.48
Apache Software Foundation Apache 2.0.47
Apache Software Foundation Apache 2.0.46
Apache Software Foundation Apache 2.0.45
Apache Software Foundation Apache 2.0.44
Apache Software Foundation Apache 2.0.43
Apache Software Foundation Apache 2.0.42
Apache Software Foundation Apache 2.0.41
Apache Software Foundation Apache 2.0.40
Apache Software Foundation Apache 2.0.39
Apache Software Foundation Apache 2.0.38
Apache Software Foundation Apache 2.0.37
Apache Software Foundation Apache 2.2.7-dev
Apache Software Foundation Apache 2.2.6-dev
Apache Software Foundation Apache 2.2.5-dev
Apache Software Foundation Apache 2.2.1
Apache Software Foundation Apache 2.2
Apache Software Foundation Apache 2.0.62-dev
Apache Software Foundation Apache 2.0.61-dev
Apache Software Foundation Apache 2.0.60-dev
Apache Software Foundation Apache 2.0.58
Apache Software Foundation Apache 2.0.57

Impact

Remote attackers can compromise vulnerable systems and gain control of them.

Recommended Actions

Apply the appropriate patch, available from the following web sites:
Slackware Linux x86_64 -current
Slackware httpd-2.2.15-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.2.15-x86_64-1.txz
Slackware Linux 12.0
Slackware httpd-2.2.15-i486-1_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/httpd-2.2.15-i486-1_slack12.0.tgz
Slackware Linux -current
Slackware httpd-2.2.15-i486-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.2.15-i486-1.txz
Slackware Linux 12.2
Slackware httpd-2.2.15-i486-1_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/httpd-2.2.15-i486-1_slack12.2.tgz
Slackware Linux 13.0 x86_64
Slackware httpd-2.2.15-x86_64-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/httpd-2.2.15-x86_64-1_slack13.0.txz
Slackware Linux 12.1
Slackware httpd-2.2.15-i486-1_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/httpd-2.2.15-i486-1_slack12.1.tgz
Slackware Linux 13.0
Slackware httpd-2.2.15-i486-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/httpd-2.2.15-i486-1_slack13.0.txz

CVE References

CVE-2010-0425