Apache mod_auth_shadow Authentication Bypass Vulnerability

Published: 2005-10-28
Updated: 2005-10-28

Affected systems:
Debian Linux 3.1
Debian Linux 3.0
MandrakeSoft Linux Mandrake 2006.0 x86_64
MandrakeSoft Linux Mandrake 2006.0
MandrakeSoft Linux Mandrake 10.2 x86_64
MandrakeSoft Linux Mandrake 10.2
MandrakeSoft Linux Mandrake 10.1 x86_64
MandrakeSoft Linux Mandrake 10.1
mod_auth_shadow mod_auth_shadow 2.0
mod_auth_shadow mod_auth_shadow 1.4
mod_auth_shadow mod_auth_shadow 1.3
mod_auth_shadow mod_auth_shadow 1.2
mod_auth_shadow mod_auth_shadow 1.1
mod_auth_shadow mod_auth_shadow 1.0
Unaffected systems:
mod_auth_shadow mod_auth_shadow 2.1
mod_auth_shadow mod_auth_shadow 1.5
Description:
BUGTRAQ ID: 15224
CVE(CAN) ID: CVE-2005-2963

mod-auth-shadow is an Apache HTTP Server module that performs HTTP authentication against the system's /etc/shadow file.

A flaw in mod_auth_shadow allows the intended authentication routine to be bypassed, which may let remote authenticated users get past security restrictions that were meant to be enforced by a different mechanism.

When AuthShadow is enabled, the mod_auth_shadow module applies shadow authentication to every location that uses the "require group" directive, even where a different authentication mechanism has been configured for that location. The access decision for such a location is therefore made by the shadow module rather than by the mechanism the administrator chose, which is what turns this into a bypass.
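
The following audit script is an added example, not code from the advisory, from Debian or from the mod_auth_shadow project. It reads an Apache configuration and reports the pattern described above: with the module loaded, any container block that uses "require group" but does not itself say "AuthShadow on" is a block whose group check the administrator intended for some other back end. The sample configuration is constructed for offline testing; the module name in its LoadModule line and the "AuthShadow on" form are assumptions about how the module is wired in, and the script only keys on the string "mod_auth_shadow" in the LoadModule path.

```shell
#!/bin/sh
# Added example (not from the advisory or the mod_auth_shadow project):
# find <Location>/<Directory>/<Files> blocks that use "require group" without
# turning on AuthShadow while mod_auth_shadow is loaded. Those are the blocks
# whose group check the module takes over (CVE-2005-2963).
# Assumptions: the module is loaded by a LoadModule line whose path contains
# "mod_auth_shadow", and is enabled per block with "AuthShadow on".

# Constructed sample httpd.conf fragment. /admin is the problem case: it is
# meant to be protected by htpasswd/htgroup files but gates on "require group".
SAMPLE_CONF=$(cat <<'EOF'
LoadModule shadow_auth_module /usr/lib/apache/1.3/mod_auth_shadow.so

<Location /intranet>
    AuthType Basic
    AuthName "Intranet"
    AuthShadow on
    require group staff
</Location>

<Location /admin>
    AuthType Basic
    AuthName "Admin"
    AuthUserFile /etc/apache/admin.htpasswd
    AuthGroupFile /etc/apache/admin.htgroup
    require group admins
</Location>

<Location /docs>
    AuthType Basic
    AuthName "Docs"
    AuthUserFile /etc/apache/docs.htpasswd
    require valid-user
</Location>
EOF
)

shadow_module_loaded() {
    # Exit 0 if the config on stdin has a LoadModule line for mod_auth_shadow.
    grep -iq '^[[:space:]]*LoadModule[[:space:]].*mod_auth_shadow'
}

require_group_without_shadow() {
    # Print the opening tag of every container block that uses "require group"
    # but never sets "AuthShadow on". Apache directive names are
    # case-insensitive, so matching is done on a lower-cased copy of the line.
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    {
        raw  = trim($0)
        line = tolower(raw)
        if (line ~ /^<(location|directory|files)(match)?[ \t>]/) {
            inblock = 1; shadow = 0; reqgroup = 0; header = raw
            next
        }
        if (line ~ /^<\/(location|directory|files)(match)?>/) {
            if (inblock && reqgroup && !shadow) print header
            inblock = 0
            next
        }
        if (inblock && line ~ /^authshadow[ \t]+on([ \t]|$)/) shadow = 1
        if (inblock && line ~ /^require[ \t]+group[ \t]/) reqgroup = 1
    }'
}

audit_conf() {
    # Read a config on stdin, report exposed blocks, exit 1 if any were found.
    conf=$(cat)
    if ! printf '%s\n' "$conf" | shadow_module_loaded; then
        echo "mod_auth_shadow not loaded: the require-group takeover is not reachable"
        return 0
    fi
    findings=$(printf '%s\n' "$conf" | require_group_without_shadow)
    if [ -z "$findings" ]; then
        echo "no 'require group' block without 'AuthShadow on'"
        return 0
    fi
    echo "blocks whose 'require group' check is taken over by mod_auth_shadow:"
    printf '%s\n' "$findings"
    return 1
}

# Run against the constructed sample; a real run would be:  audit_conf < httpd.conf
printf '%s\n' "$SAMPLE_CONF" | audit_conf || true
```

On the sample above the script reports only `<Location /admin>`: `/intranet` uses the shadow module on purpose and `/docs` never uses "require group". Feed it the real httpd.conf (and any included files, which this script does not follow) to see which blocks need attention until the fixed packages are installed.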

<*Source: David Herselman
  
  Link: http://www.debian.org/security/2005/dsa-844
*>

Recommendations:
Vendor patches:

Debian
------
Debian has released a security advisory (DSA-844-1) and corresponding patches for this issue:
DSA-844-1:New mod-auth-shadow packages fix authentication bypass
Link: http://www.debian.org/security/2005/dsa-844

Patch downloads:

Debian GNU/Linux 3.0 alias woody
--------------------------------

Source archives:

http://security.debian.org/pool/updates/main/m/mod-auth-shadow/mod-auth-shadow_1.3-3.1woody.2.dsc
Size/MD5 checksum:      628 78a6276d158c96247f87c2a82ad337c9
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/mod-auth-shadow_1.3-3.1woody.2.diff.gz
Size/MD5 checksum:     5818 e57059b3d026f4490e83ef48e7c64551
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/mod-auth-shadow_1.3.orig.tar.gz
Size/MD5 checksum:     7476 3ad4432193ac603049ad0f2fa94f2054

Alpha architecture:

http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.2_alpha.deb
Size/MD5 checksum:    12204 4f659abcf88fe710a35c09a24f6294d4

ARM architecture:

http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.2_arm.deb
Size/MD5 checksum:    11306 ed1b93be804e3233000e7bc9951ee836

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.2_i386.deb
Size/MD5 checksum:    11334 a384bb22d08d3d8ad2ee76803517866f

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.2_ia64.deb
Size/MD5 checksum:    13488 63798f86c1cd944d5f635890b1ae7edb

HP Precision architecture:

http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.2_hppa.deb
Size/MD5 checksum:    12048 cea187ef3898639b248c9b6f8b36e7a0

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.2_m68k.deb
Size/MD5 checksum:    11302 8887098ee92b1be61470b8a00ac72df9

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.2_mips.deb
Size/MD5 checksum:    11466 9846f15f1c98a3cbb01b12d8e8563d93

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.2_mipsel.deb
Size/MD5 checksum:    11458 d2ae47a2320ef6a8b45aa2354c9eebe9

PowerPC architecture:

http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.2_powerpc.deb
Size/MD5 checksum:    11372 1ce0c98e16ea699726c0e45b98de5ec6

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.2_s390.deb
Size/MD5 checksum:    11516 e92c004036842d0f6f79b0e5d9f64455

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.2_sparc.deb
Size/MD5 checksum:    14484 524248ef32be0bffef4dcc147eece09b


Debian GNU/Linux 3.1 alias sarge
--------------------------------

Source archives:

http://security.debian.org/pool/updates/main/m/mod-auth-shadow/mod-auth-shadow_1.4-1sarge1.dsc
Size/MD5 checksum:      618 8a413e53ca39d904d95dccd1b0705693
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/mod-auth-shadow_1.4-1sarge1.diff.gz
Size/MD5 checksum:     5816 4b010699db55a2c3446e71cc4af6e167
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/mod-auth-shadow_1.4.orig.tar.gz
Size/MD5 checksum:     7982 7da6ea1d72640c334fefab4e078eadd4

Alpha architecture:

http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.4-1sarge1_alpha.deb
Size/MD5 checksum:    13462 9a035f44ccbfec2ddedeb97ba25de685

AMD64 architecture:

http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.4-1sarge1_amd64.deb
Size/MD5 checksum:    12978 ffdd9eab120efbd6ad58befb069ead8d

ARM architecture:

http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.4-1sarge1_arm.deb
Size/MD5 checksum:    12332 20edffd17e6cfed8bf60d50f0cf918da

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.4-1sarge1_i386.deb
Size/MD5 checksum:    12426 7e27802cc15e0478e06f00cff72c4133

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.4-1sarge1_ia64.deb
Size/MD5 checksum:    14444 b1a34f75958df70ee4566445ceb80a26

HP Precision architecture:

http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.4-1sarge1_hppa.deb
Size/MD5 checksum:    13602 448068ac275fe81e7ba0d997b8bc3566

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.4-1sarge1_m68k.deb
Size/MD5 checksum:    12258 ae4ef5bdca2baaeb0067cf908e57ac09

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.4-1sarge1_mips.deb
Size/MD5 checksum:    13238 e0a0f68fb3a164bc80607ba974a05f3d

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.4-1sarge1_mipsel.deb
Size/MD5 checksum:    13248 24218030e050490cbe0578474ec46403

PowerPC architecture:

http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.4-1sarge1_powerpc.deb
Size/MD5 checksum:    14120 85d7a92000946e11db7ae213960c4927

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.4-1sarge1_s390.deb
Size/MD5 checksum:    12964 46951fcacb6c99c779e31c7aa21d8bf3

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.4-1sarge1_sparc.deb
Size/MD5 checksum:    12300 e05d59189d387427c9017180631aeba4

Patch installation:

1. Install the patch package manually:

  First, download the patch with:
  # wget URL  (URL is the download link of the matching package above)

  Then install it with:
  # dpkg -i file.deb  (file.deb is the package you downloaded)

2. Install the patch package automatically with apt-get:

   First, refresh the package database:
   # apt-get update

   Then install the updated packages:
   # apt-get upgrade

   (apt-get only picks up the fixed packages if security.debian.org is listed in /etc/apt/sources.list.)
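
The advisory lists an MD5 for every file but the manual procedure above never checks it. The script below is an added example, not code from the advisory or from Debian: it wraps the wget/dpkg steps so that the downloaded package is compared against the listed digest before dpkg is ever invoked. The URL and checksum are the sarge i386 entry copied from the list above; the function names, the scratch directory and the `--install` flag are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the advisory or from Debian): download one package
# from DSA-844-1, verify it against the MD5 the advisory prints, then install.
# Needs network access and root for the real run; the helpers work offline.

md5_of() {
    # Print the hex MD5 digest of a file, using whichever tool the host has.
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        md5 -q "$1"
    fi
}

verify_md5() {
    # verify_md5 FILE EXPECTED  -> exit 0 if the digests match, 1 otherwise.
    actual=$(md5_of "$1") || return 1
    [ "$actual" = "$2" ]
}

install_verified_deb() {
    # install_verified_deb URL EXPECTED_MD5
    # Download into a scratch directory and refuse to install on a mismatch.
    url=$1; expected=$2
    workdir=$(mktemp -d) || return 1
    file="$workdir/$(basename "$url")"
    if ! wget -q -O "$file" "$url"; then
        echo "download failed: $url" >&2
        return 1
    fi
    if ! verify_md5 "$file" "$expected"; then
        echo "MD5 mismatch for $file: expected $expected, got $(md5_of "$file")" >&2
        return 1
    fi
    dpkg -i "$file"
}

# Sarge (Debian 3.1) i386 entry from the advisory's list; substitute the line
# for your release and architecture.
PKG_URL=http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.4-1sarge1_i386.deb
PKG_MD5=7e27802cc15e0478e06f00cff72c4133

# Only touch the network and dpkg when explicitly asked:  sh this_script.sh --install
if [ "${1:-}" = "--install" ]; then
    install_verified_deb "$PKG_URL" "$PKG_MD5"
fi
```

A digest copied from an advisory fetched over plain HTTP only protects against a corrupted or wrong download, not against an attacker who can tamper with both the advisory and the package in transit; the apt-get route above gets its integrity from Debian's signed Release files instead, which is why it is the preferred path when security.debian.org is configured.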

mod_auth_shadow
---------------
The vendor has released upgraded versions that fix this issue; download them from the project's site:

mod_auth_shadow 1.0 - 1.4:
* mod_auth_shadow Upgrade mod_auth_shadow-1.5.tar.gz
http://prdownloads.sourceforge.net/mod-auth-shadow/mod_auth_shadow-1.5.tar.gz?download

mod_auth_shadow 2.0:
* mod_auth_shadow Upgrade mod_auth_shadow-2.1.tar.gz
http://prdownloads.sourceforge.net/mod-auth-shadow/mod_auth_shadow-2.1.tar.gz?download

This advisory was translated and compiled by NSFOCUS (绿盟科技). All rights reserved; it may not be reproduced without permission.