—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Liebe Kolleginnen und Kollegen,

soeben erreichte uns nachfolgendes Sun Security Advisory. Wir geben
diese Informationen unveraendert an Sie weiter.

Bitte beachten Sie, dass dies ein Update des Advisories ist, das die
folgenden Aenderungen betrifft:

Mit diesem Update gibt SUN die Verfuegbarkeit von Patches fuer Solaris
9 an.

CVE-2009-0796 – Cross-site Scripting Schwachstelle in mod_perl

Benutzereingaben in Status.pm (Apache::Status und Apache::Status2 in
mod_perl1 bzw. mod_perl2 fuer den Apache HTTP Server) werden
unzureichend ueberprueft. Ein entfernter Angreifer, dem Zugriff auf
/perl-status moeglich ist, kann diese Schwachstelle fuer ein Cross-site
Scripting ueber den URI ausnutzen.

Betroffen sind die folgenden Software Pakete und Plattformen:

Apache 1.3 Server mod_perl(3) (Status.pm)

SPARC Plattform
* Solaris 8
* Solaris 9 ohne Patch 113146-13 oder neuer
* Solaris 10 ohne Patch 122911-18 oder neuer
* OpenSolaris vor Build snv_117

x86 Plattform
* Solaris 8
* Solaris 9 ohne Patch 114145-12 oder neuer
* Solaris 10 ohne Patch 122912-18 oder neuer
* OpenSolaris vor Build snv_117

Vom Hersteller werden ueberarbeitete Pakete zur Verfuegung gestellt.

Hersteller Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274110-1

(c) der deutschen Zusammenfassung bei DFN-CERT Services GmbH; die
Verbreitung, auch auszugsweise, ist nur unter Hinweis auf den Urheber,
DFN-CERT Services GmbH, und nur zu nicht kommerziellen Zwecken
gestattet.

Mit freundlichen Gruessen,
Jens Grabarske

– —

Jens Grabarske (Incident Response Team)

DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-590
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski

Automatische Warnmeldungen https://www.cert.dfn.de/autowarn

Alert URL: http://sunsolve.sun.com/search/document.do?assetkey=1-66-274110-1
Sun Security Alert: 274110

Security Vulnerability in the Apache 1.3 “mod_perl” Module Component
“Status.pm” May Lead to Unauthorized Access to Data
__________________________________________________________________

Category : Security
Release Phase : Workaround
Bug Id : 6840453
Product : Solaris 8 Operating System
Solaris 9 Operating System
Solaris 10 Operating System
OpenSolaris
Date of Workaround Release : 15-Dec-2009
Security Vulnerability in the Apache 1.3 “mod_perl” Module Component “Status.pm
” May Lead to Unauthorized Access to Data

1. Impact
A cross-site scripting (XSS) vulnerability in the Apache 1.3 HTTP
server “mod_perl” module’s perl-status utility may allow an
unprivileged remote user to inject arbitrary web script or HTML while
accessing a crafted URL to perl-status utility. This can result in
various impacts including the theft of sensitive information such as
cookie information, access to user credentials or the hijacking of
sessions.
Additional information regarding this issue is available at:
CVE-2009-0796 at
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0796
2. Contributing Factors
This issue can occur in the following releases:
SPARC Platform
* Solaris 8
* Solaris 9 without patch 113146-13
* Solaris 10 without patch 122911-18
* OpenSolaris based upon builds snv_01 through snv_116

x86 Platform
* Solaris 8
* Solaris 9 without patch 114145-12
* Solaris 10 without patch 122912-18
* OpenSolaris based upon builds snv_01 through snv_116

Notes:
1. OpenSolaris distributions may include additional bug fixes above and
beyond the build from which it was derived. To determine the base build
of OpenSolaris, the following command can be used:
$ uname -v
snv_111

2. A system is only vulnerable to the described issue if the Apache 1.3
web server has been configured and is running on the system.
The following command can be executed to determine if the Apache 1.3
web server is currently running on the system:
$ /usr/bin/ps -ef | grep httpd
nobody 103892 102307 0 Jan 20 ? 0:27 /usr/apache/bin/httpd

3. The vulnerability only affects systems which make use of the Apache
1.3 Server mod_perl(3) (Status.pm) component.
To determine if the “Status.pm” component is used, the following
command can be run for all configuration files that define the running
Apache 1.3 configurations:
$ grep Apache::Status /etc/apache/httpd.conf
PerlHandler Apache::Status

Note: Solaris 8 entered EOSL Phase 2 on 1 April 2009. Entitlement to
patches developed on or after 1 April 2009 requires the purchase of the
Solaris 8 Vintage Patch Service. See Note in section 5 for more
details.
3. Symptoms
There are no predictable symptoms that would indicate the issue has
been exploited.
4. Workaround
To work around the described issue, do not configure the mod_perl(3)
component Status.pm in the Apache 1.3 “httpd.conf” file. This may be
done by commenting the corresponding sections in the configuration file
which contain “Apache::Status”.
5. Resolution
This issue is addressed in the following releases:
SPARC Platform
* Solaris 9 with patch 113146-13 or later
* Solaris 10 with patch 122911-18 or later
* OpenSolaris based upon builds snv_117 or later

x86 Platform
* Solaris 9 with patch 114145-12 or later
* Solaris 10 with patch 122912-18 or later
* OpenSolaris based upon builds snv_117 or later

A final resolution is pending completion for Solaris 8.
Note: The READMEs of Solaris 8 patches developed on or after 1 April
2009 are available to all customers however Solaris 8 entered EOSL
Phase 2 on April 1, 2009 and thus entitlement for these patches,
including those that fix security vulnerabilities, requires the
purchase of the Solaris 8 Vintage Patch Service. More information about
the Solaris 8 Vintage Patch Service is available at:
http://www.sun.com/service/eosl/Solaris8.html
For more information on Security Sun Alerts, see Technical Instruction
ID 213557.
Modification History
25-Feb-2010: Updated for Patches Pending
08-Mar-2010: Updated Contributing Factors and Resolution sections for Solaris 9
patches

Attachments
This solution has no attachment

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFLll/AWmhIvjFb90URAubZAJ9V0bSro81yJjWAfiHMBVlDI3pC3QCfYv2Q
KRfiIDXaXWO6PNVDAp2/GJo=
=VmDY
—–END PGP SIGNATURE—–