Malaysian Computer Emergency Response Team

Services

Advisories Cyber999 Help Centre Malware Research Centre Incident Statistics

MyCERT Statistic

Reported Incidents based on General Incident Classification Statistics 2010

Help Centre

Reporting Channels

MyCERT Advisories

MyCERT Advisories, Alerts and Summaries for the year 2010

MA-219.032010 : MyCERT Alert - Apache mod_isapi Dangling Pointer Vulnerability

Published date: 2010-03-09

1.0 Introduction

One of the core modules in Apache package that implements the Internet Server extension API is mod isapi. The extension allows Apache to serve Internet Server extensions (ISAPI .dll modules) for Microsoft Windows based hosts.

By sending a specially crafted request followed by a reset packet it is possible to trigger a vulnerability in Apache mod_isapi that will unload the target ISAPI module from memory. However function pointers still remain in memory and are called when published ISAPI functions are referenced resulting dangling pointer vulnerability (CVE-2010-0425)

2.0 Impact

On Windows platforms using mod_isapi, a remote attacker could send a malicious request to trigger this issue, and as win32 MPM runs only one process, this would result in a denial of service, and potentially allow arbitrary code execution.

3.0 Affected Products

Only Windows version of Apache software affected to this vulnerability. Below are the details of vulnerable versions:

Apache Software Foundation Apache 2.2.14
Apache Software Foundation Apache 2.2.13
Apache Software Foundation Apache 2.2.12
Apache Software Foundation Apache 2.2.11
Apache Software Foundation Apache 2.2.10
Apache Software Foundation Apache 2.2.9
Apache Software Foundation Apache 2.2.8
Apache Software Foundation Apache 2.2.6
Apache Software Foundation Apache 2.2.5
Apache Software Foundation Apache 2.2.4
Apache Software Foundation Apache 2.2.3
Apache Software Foundation Apache 2.2.2
Apache Software Foundation Apache 2.2.0
Apache Software Foundation Apache 2.2.7-dev
Apache Software Foundation Apache 2.2.6-dev
Apache Software Foundation Apache 2.2.5-dev
Apache Software Foundation Apache 2.2.1
Apache Software Foundation Apache 2.2

4.0 Recommendation

MyCERT recommends system administrator of this application to upgrade to version
2.2.15. The update can be obtained via this URL:

http://httpd.apache.org/download.cgi

MyCERT advises users of this product to keep themselves updated with the latest security announcements by the vendor.

MyCERT can be reached through the following channels for further assistance:

E-mail : mycert@mycert.org.my
Phone : +603 89926969 or 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : +60 19 2813801 (24x7 SMS reporting)
Business Hours : Mon - Fri 08:30 -17:30 MYT
Web: http://www.mycert.org.my

5.0 References