How to verify "Apache HTTP Server mod_mime Buffer Overread" has been fixed in CentOS 7

netfar
Posts: 1
Joined: 2018/10/30 03:59:48

How to verify "Apache HTTP Server mod_mime Buffer Overread" has been fixed in CentOS 7

Post by netfar » 2018/10/30 04:09:56

Hi Experts,

The "Apache HTTP Server mod_mime Buffer Overread" vulnerability has been found on my CentOS 7 system. I have updated the system using yum update.

My question is how to verify that the problem is fixed. Following is the detailed information about the vulnerability:

--------------------------------------------------------------------------------
Apache httpd 2.4.26 https://httpd.apache.org/security/vulne ... es_24.html

The Apache Module mod_mime is used to assign content metadata to the content selected for an HTTP response by mapping patterns in the URI or filenames to the metadata values. In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.

QID Detection Logic (Unauthenticated): This QID matches vulnerable versions based on the exposed banner information under the HTTP service.

A remote attacker could exploit this vulnerability to read one byte past the end of a buffer which could affect the confidentiality, integrity and availability of data on the target system.

These vulnerabilities have been patched in Apache. Refer to Apache httpd 2.4.27 Changelog, Apache httpd 2.2.34 Changelog,
Patch: Following are links for downloading patches to fix the vulnerabilities: CVE-2017-7679: Apache 2.2.x CVE-2017-7679: Apache 2.4.x
--------------------------------------------------------------------------------

Thank you very much.

Best Regards

avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland

Re: How to verify "Apache HTTP Server mod_mime Buffer Overread" has been fixed in CentOS 7

Post by avij » 2018/10/30 06:27:32

https://access.redhat.com/security/cve/cve-2017-7679 has a link to https://access.redhat.com/errata/RHSA-2017:2479 which says it has been fixed in httpd-2.4.6-67.el7_4.2, so make sure you are running at least that version.

    $ rpm -q httpd --changelog | grep -i CVE-2017-7679
    - Resolves: #1463207 - CVE-2017-7679 httpd: mod_mime buffer overread
    $ rpm -q httpd
    httpd-2.4.6-80.el7.centos.1.x86_64

See also https://access.redhat.com/security/updates/backporting
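As an added example (not code from the thread, from Red Hat or from Apache), the following Python script does what avij describes programmatically and also shows why a banner-matching scanner keeps flagging a patched CentOS host. It re-implements RPM's version comparison (rpmvercmp) in pure Python so it can be run anywhere, compares the installed httpd NVR against the fixed build named in RHSA-2017:2479, and greps the package changelog for the CVE. FIXED_NVR is taken from the errata cited above, UPSTREAM_FIXED (2.4.26) from the quoted advisory text, version strings are assumed to be ASCII, and SAMPLE_CHANGELOG is a constructed stand-in for real `rpm -q httpd --changelog` output.

```python
"""Verify a backported httpd fix by package EVR and changelog, not by banner.

Added example for this thread, not code from the forum, Red Hat or Apache.
Assumptions: FIXED_NVR is the build RHSA-2017:2479 names, UPSTREAM_FIXED is
from the quoted advisory, version strings are ASCII, and SAMPLE_CHANGELOG is
a constructed stand-in for `rpm -q httpd --changelog` output.
"""
import re
import subprocess

FIXED_NVR = "httpd-2.4.6-67.el7_4.2"   # first fixed build per RHSA-2017:2479
UPSTREAM_FIXED = "2.4.26"              # what a banner-only scanner compares against
CVE = "CVE-2017-7679"
# Constructed sample; the Resolves line is the one avij's grep returned.
SAMPLE_CHANGELOG = """\
* (date) (packager) - 2.4.6-67.el7_4.2
- Resolves: #1463207 - CVE-2017-7679 httpd: mod_mime buffer overread
"""


def rpmvercmp(a: str, b: str) -> int:
    """Port of RPM's rpmvercmp(): 1 if a is newer, -1 if older, 0 if equal."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # Separators (anything not alphanumeric or '~') are skipped.
        while i < len(a) and not (a[i].isalnum() or a[i] == "~"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] == "~"):
            j += 1
        # '~' sorts before anything, including end of string (pre-release tags).
        ta, tb = i < len(a) and a[i] == "~", j < len(b) and b[j] == "~"
        if ta or tb:
            if not ta:
                return 1
            if not tb:
                return -1
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        # Take a run of digits or of letters from a, then the same kind from b.
        isnum = a[i].isdigit()
        pat = r"\d+" if isnum else r"[A-Za-z]+"
        sa = re.match(pat, a[i:]).group(0)
        mb = re.match(pat, b[j:])
        sb = mb.group(0) if mb else ""
        i, j = i + len(sa), j + len(sb)
        if not sb:
            return 1 if isnum else -1      # numeric segments beat alphabetic ones
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):         # more digits means a larger number
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def split_evr(nvr: str, name: str = "httpd"):
    """'httpd-2.4.6-67.el7_4.2[.x86_64]' -> (epoch, version, release)."""
    s = nvr[len(name) + 1:] if nvr.startswith(name + "-") else nvr
    s = re.sub(r"\.(x86_64|i686|noarch|aarch64|ppc64le|s390x)$", "", s)
    epoch = 0
    if ":" in s:
        e, s = s.split(":", 1)
        epoch = int(e)
    version, release = s.rsplit("-", 1)
    return epoch, version, release


def evr_cmp(a: str, b: str) -> int:
    """Compare two NVRs the way rpm/yum do: epoch, then version, then release."""
    ea, va, ra = split_evr(a)
    eb, vb, rb = split_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def changelog_mentions(changelog: str, cve: str = CVE) -> bool:
    """The check avij posted: does the package changelog record the CVE?"""
    return re.search(r"\b%s\b" % re.escape(cve), changelog) is not None


def banner_looks_vulnerable(server_header: str) -> bool:
    """What a banner-matching QID does: compare 'Apache/x.y.z' to the upstream fix."""
    m = re.search(r"Apache/(\d+(?:\.\d+)*)", server_header)
    return bool(m) and rpmvercmp(m.group(1), UPSTREAM_FIXED) < 0


if __name__ == "__main__":
    try:  # on a real CentOS 7 host read the installed package; else use the sample
        nvr = subprocess.check_output(["rpm", "-q", "httpd"], text=True).strip()
        log = subprocess.check_output(["rpm", "-q", "httpd", "--changelog"], text=True)
    except (OSError, subprocess.CalledProcessError):
        nvr, log = "httpd-2.4.6-80.el7.centos.1.x86_64", SAMPLE_CHANGELOG
    fixed = evr_cmp(nvr, FIXED_NVR) >= 0 and changelog_mentions(log)
    print(nvr, "fixed" if fixed else "NOT fixed",
          "| banner-only verdict flags it:", banner_looks_vulnerable("Apache/2.4.6 (CentOS)"))
```

The release tag is where the backport shows up: 2.4.6-80.el7.centos.1 sorts after 2.4.6-67.el7_4.2 and its changelog carries the CVE, so the package is fixed, while the Server header still reads Apache/2.4.6 and compares below 2.4.26, which is exactly what an unauthenticated banner check reports as vulnerable. An authenticated scan that reads package versions, or a vendor-backport exception supported by the RHSA and this output, is what resolves that finding.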

MtberQC
Posts: 1
Joined: 2019/11/18 15:59:27

Re: How to verify "Apache HTTP Server mod_mime Buffer Overread" has been fixed in CentOS 7

Post by MtberQC » 2019/11/18 16:04:19

Hi,

httpd is up to date, and when I run the verification the way you specified, I get a reply saying the fix is applied, but when I run a PCI compliance scan with pci.qualys.com, it indicates that the vulnerability is there.

Don't really know how to deal with it.
