https://bugzilla.redhat.com/show_bug.cgi?id=1623265
Bug 1623265 depends on bug 1623268, which changed state.
Bug 1623268 Summary: CVE-2011-2767 mod_perl: arbitrary Perl code execution in
the context of the user account via a user-owned .htaccess [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1623265
Bug 1623265 depends on bug 1623267, which changed state.
Bug 1623267 Summary: CVE-2011-2767 mod_perl: arbitrary Perl code execution in
the context of the user account via a user-owned .htaccess [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1623265
errata-xmlrpc changed:
What|Removed |Added
External Bug ID||Red Hat Product Errata
https://bugzilla.redhat.com/show_bug.cgi?id=1623265
--- Comment #16 from errata-xmlrpc ---
This issue has been addressed in the following products:
Red Hat Software Collections for Red Hat Enterprise Linux 6
Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
Red Hat
https://bugzilla.redhat.com/show_bug.cgi?id=1623265
--- Comment #15 from errata-xmlrpc ---
This issue has been addressed in the following products:
Red Hat Software Collections for Red Hat Enterprise Linux 7
Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS
Red Hat
https://bugzilla.redhat.com/show_bug.cgi?id=1623265
errata-xmlrpc changed:
What|Removed |Added
External Bug ID||Red Hat Product Errata
https://bugzilla.redhat.com/show_bug.cgi?id=1623265
--- Comment #13 from Fedora Update System ---
mod_perl-2.0.10-13.fc29 has been pushed to the Fedora 29 stable repository. If
problems still persist, please make note of it in this bug report.
https://bugzilla.redhat.com/show_bug.cgi?id=1623265
--- Comment #12 from Fedora Update System ---
mod_perl-2.0.10-3.el7 has been pushed to the Fedora EPEL 7 stable repository.
If problems still persist, please make note of it in this bug report.
https://bugzilla.redhat.com/show_bug.cgi?id=1623265
--- Comment #11 from Fedora Update System ---
mod_perl-2.0.10-11.fc28 has been pushed to the Fedora 28 stable repository. If
problems still persist, please make note of it in this bug report.
https://bugzilla.redhat.com/show_bug.cgi?id=1623265
--- Comment #10 from Fedora Update System ---
mod_perl-2.0.10-9.fc27 has been pushed to the Fedora 27 stable repository. If
problems still persist, please make note of it in this bug report.
https://bugzilla.redhat.com/show_bug.cgi?id=1623265
--- Comment #9 from Scott Gayou ---
Statement:
The default configurations shipped in Red Hat Enterprise Linux 6 and Red Hat
Software Collections are not vulnerable to this flaw. The UserDir option
needs to be enabled as well as
https://bugzilla.redhat.com/show_bug.cgi?id=1623265
--- Comment #7 from Scott Gayou ---
Mitigation:
Disabling the UserDir directive and also setting AllowOverride None should
mitigate the processing of perl in user .htaccess files.
https://bugzilla.redhat.com/show_bug.cgi?id=1623265
--- Comment #8 from Scott Gayou ---
Mitigation:
Disabling the UserDir directive and also setting AllowOverride None should
prevent the processing of perl in user .htaccess files.
https://bugzilla.redhat.com/show_bug.cgi?id=1623265
--- Comment #6 from Scott Gayou ---
Thanks for the reproduction notes ppisar. Quite easy to reproduce and gain code
execution as the apache process. As a note, SELinux does technically mitigate
this in that the UserDir functionality will not
https://bugzilla.redhat.com/show_bug.cgi?id=1623265
Scott Gayou changed:
What|Removed |Added
Whiteboard|impact=important,public=201 |impact=important,public=201
https://bugzilla.redhat.com/show_bug.cgi?id=1623265
Scott Gayou changed:
What|Removed |Added
Depends On||1626276, 1626273, 1626274,
https://bugzilla.redhat.com/show_bug.cgi?id=1623265
Scott Gayou changed:
What|Removed |Added
Whiteboard|impact=important,public=201 |impact=important,public=201
https://bugzilla.redhat.com/show_bug.cgi?id=1623265
Scott Gayou changed:
What|Removed |Added
Whiteboard|impact=important,public=201 |impact=important,public=201
https://bugzilla.redhat.com/show_bug.cgi?id=1623265
Scott Gayou changed:
What|Removed |Added
Priority|medium |high
https://bugzilla.redhat.com/show_bug.cgi?id=1623265
Scott Gayou changed:
What|Removed |Added
Whiteboard|impact=moderate,public=2011 |impact=moderate,public=2011
https://bugzilla.redhat.com/show_bug.cgi?id=1623265
Yasuhiro Ozone changed:
What|Removed |Added
CC||yoz...@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1623265
Petr Pisar changed:
What|Removed |Added
External Bug ID||CPAN 126984
https://bugzilla.redhat.com/show_bug.cgi?id=1623265
--- Comment #3 from Petr Pisar ---
Reproducer:
(1) Enable user's ~/public_html directories in httpd configuration (add
"UserDir public_html" directive to /etc/httpd/conf.d/userdir.conf) and enable
httpd_enable_homedirs SELinux boolean.
(2)
https://bugzilla.redhat.com/show_bug.cgi?id=1623265
Laura Pardo changed:
What|Removed |Added
Blocks||1623271
https://bugzilla.redhat.com/show_bug.cgi?id=1623265
Laura Pardo changed:
What|Removed |Added
Depends On||1623268, 1623267, 1623269
--- Comment
25 matches