Fix (APAR): PK63273
Status: Fix
Release: 1.3.28.1
Operating System: AIX,HP-UX,Linux,Linux pSeries,Linux Red Hat - pSeries,Linux zSeries,Solaris,Windows
Supersedes Fixes: PK05084,PK16139,PK27875,PK55141,PQ98444,PQ90262,PQ89899,PK07747,PQ92124,PQ76168,PQ87084
CMVC Defect: PK63273
Byte size of APAR: 35742677
Date: 2008-04-10

Abstract: Correct CVE-2007-5000 and CVE-2007-6388

Description/symptom of problem:

PK63273 resolves the following problem:

ERROR DESCRIPTION:
Address CVE-2007-6388 and CVE-2007-5000 for IBM HTTP Server 1.3.28.

LOCAL FIX:

PROBLEM SUMMARY
USERS AFFECTED:
IBM HTTP SERVER 1.3.28.1 users

PROBLEM DESCRIPTION:
Correct CVE-2007-5000 and CVE-2007-6388

RECOMMENDATION:
This cumulative fix is recommended for all IBM HTTP Server 1.3.28.1 installations.

Address two security issues corrected after the previous cumulative fix for this release, PK55141.

- PK58024 CVE-2007-5000 mod_imap cross-site scripting error with server side image maps
- PK59667 CVE-2007-6388 mod_status cross-site scripting vulnerability

Changes with previous cumulative fixes, included here:

- PK49295 CVE-2006-5752 mod_status cross-site scripting vulnerability
- PK50467 CVE-2007-3304 MPM signalling vulnerability.
- PK50469 CVE-2007-3847 proxy buffer over-read vulnerability
- PK44754 mod_ibm_ssl incompatibility with GSKit 7.0.3.25 and higher
- PK19060 Retry connection to LDAP server immediately after connection drop
- PK24631 CVE-2006-3918 Escape value of Expect header in error response to invalid Expect
- PK28587 LDAP cache expiration time was not always honored
- CMVC 84947 Fix crash in mod_ibm_ssl when using client certificate authentication
- PK29157 CVE-2006-3747 mod_rewrite defect which could cause crashes on HP-UX and Windows
- PK13959 CVE-2005-2088 HTTP proxy vulnerability
- CVE-2005-3352 mod_imap cross-site scripting vulnerability
- resolve Linux/x86 startup failures when /etc/nsswitch.conf specifies LDAP for name
  resolution, caused by dropped library support in RedHat Advanced Server 3.0 Update 4
  and SLES 9
- mod_ibm_ldap: When user id is locked, return 401 instead of 503 and record the problem in error log
- mod_ibm_ldap: Provide LdapReferralHopLimit directive to control how many referrals are allowed
- mod_ibm_ldap: improve tracing
- allow mod_net_trace to trace writev error
- mod_ibm_ssl on Linux and Unix: resolve double-free error when interfacing with sidd
- PK07747: IHS VIRTUAL HOST NO LONGER WORKS AFTER INSTALLATION OF MICROSOFT SECURITY PATCH MS05-019
- PK05084 CAN-2004-0940 mod_include possible buffer overflow
- Unix: Log errno string for sidd connect failures
- Track active plug-in module when ExtendedStatus is On; "/server-status/?showmodule" can display it.
- Linux for pSeries and zSeries: Remove dependency on external expat library
- CAN-2003-0020 Strip control characters before logging to ErrorLog
- PK03424 Windows: Fix mod_rewrite RewriteLog reliability problem on Windows
- CAN-2003-0987 mod_digest nonce exposure
- SSL in FIPS mode: Don't allow SSLv2 ciphers
- Windows include files reference missing file
- mod_log_config sometimes logged "0" instead of "-" for %b format
- AIX: enable full core dump automatically for httpd crashes
- Fix child process crash in ap_bhalfduplex().
- PQ89899 CAN-2004-0492 crash in mod_proxy
- PQ90262 Misuse of gsk_secure_sock_close causes child process crash
- PQ90562 mod_ibm_ssl storage leak across restart
- mod_snmp limit on virtual hosts was raised to 1500
- PQ92124 HTTP POSTs fail or hang when Afpa is enabled; When Afpa is enabled on Windows,
  HTTP POST requests may occasionally appear to hang and eventually time out with an error.
- PQ98444 Mod_ibm_ldap fails to UTF-8 encode the filter string

PROBLEM CONCLUSION:
See APARs for individual fixes.

Directions to apply fix:

1) Making a backup of these files:

   cd to IHS installation directory
   mkdir before-PK63273-efix

   Windows:
      copy/v *.exe before-PK63273-efix
      copy/v ApacheCore.dll before-PK63273-efix
      copy/v afpaapi.dll before-PK63273-efix
      copy/v Dynacache.dll before-PK63273-efix
      copy/v afpa.sys before-PK63273-efix
      mkdir before-PK63273-efix\modules
      copy/v modules\*.dll before-PK63273-efix\modules
      rename %WINDOWS%\system32\drivers\afpa.sys afpa.sys.before-PK63273
      (replace %WINDOWS% with the Windows operating system installation
      directory; example: C:\WINDOWS)
      move src\include before-PK63273-efix\include

   Unix:
      cp -p bin/* libexec/* before-PK63273-efix

2) Applying the fix:

   stop IHS

   AIX only: run the AIX command "/usr/sbin/slibclean"

   Windows:
      unzip \path\to\1.3.28.1-PK63273.nt
      If you are prompted to replace files, answer yes.
      copy/v afpa.sys to %WINDOWS%\system32\drivers\afpa.sys
      (replace %WINDOWS% with the Windows operating system installation directory)
      Reboot the machine to activate the new afpa.sys.

   Unix:
      tar -xf /path/to/1.3.28.1-PK63273.PLATFORM.tar
      where PLATFORM is "aix", "linux", "sun", etc.
      example: "tar -xf /tmp/1.3.28.1-PK63273.aix.tar"

3) start IHS again

Directions to remove fix:

1. Stop IHS.
2. AIX only: run the AIX command "/usr/sbin/slibclean"
3. Restore the files previously saved into the before-PK63273-efix directory.
4. Windows only: Restore %WINDOWS%\system32\drivers\afpa.sys from the backup copy.
5. Windows only: Reboot the machine to activate the old afpa.sys.
6. Start IHS.

Directions to re-apply fix:

Use instructions above for applying fix, but no need to create archive again.

Additional Information:

Checksum and size of the fix files:

2058426088 5324800 1.3.28.1-PK63273.aix.tar
1177384933 6676480 1.3.28.1-PK63273.hpux.tar
2944146139 5447680 1.3.28.1-PK63273.linux390.tar
227805951  6123520 1.3.28.1-PK63273.linuxppc.tar
1953869478 4812800 1.3.28.1-PK63273.linux.tar
1083235173 1538517 1.3.28.1-PK63273.nt.zip
3228444714 5818880 1.3.28.1-PK63273.sun.tar
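
Added example (not part of the IBM readme): a shell check of a downloaded fix archive against the checksum and size list, to run before the unzip or tar -xf step. It assumes the two numeric columns are POSIX cksum output (CRC and byte count), which the readme does not state; verify_fix_file and PK63273_MANIFEST are names introduced here.

```shell
#!/bin/sh
# Added example: verify a downloaded PK63273 archive before unpacking it.
# Assumption: the readme's "checksum size filename" rows are POSIX `cksum`
# output, i.e. CRC, byte count, file name.

# Rows copied from "Checksum and size of the fix files".
PK63273_MANIFEST='2058426088 5324800 1.3.28.1-PK63273.aix.tar
1177384933 6676480 1.3.28.1-PK63273.hpux.tar
2944146139 5447680 1.3.28.1-PK63273.linux390.tar
227805951 6123520 1.3.28.1-PK63273.linuxppc.tar
1953869478 4812800 1.3.28.1-PK63273.linux.tar
1083235173 1538517 1.3.28.1-PK63273.nt.zip
3228444714 5818880 1.3.28.1-PK63273.sun.tar'

# verify_fix_file FILE [MANIFEST]
# Returns 0 when CRC and size match the manifest row for FILE's base name,
# 1 on a mismatch, 2 when the file is missing or its name is not listed.
verify_fix_file() {
    file=$1
    manifest=${2:-$PK63273_MANIFEST}
    name=$(basename "$file")

    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }

    # Exact match on the third column, so "linux.tar" never matches
    # the "linux390.tar" or "linuxppc.tar" rows.
    expected=$(printf '%s\n' "$manifest" |
        awk -v n="$name" '$3 == n { print $1, $2; exit }')
    [ -n "$expected" ] || { echo "not in manifest: $name" >&2; return 2; }

    # Reading from stdin keeps the file name out of cksum's output.
    actual=$(cksum < "$file" | awk '{ print $1, $2 }')

    if [ "$actual" = "$expected" ]; then
        echo "OK $name"
        return 0
    fi
    echo "MISMATCH $name: expected [$expected] got [$actual]" >&2
    return 1
}

# Typical use, before step 2 of "Directions to apply fix":
#   verify_fix_file /tmp/1.3.28.1-PK63273.aix.tar && tar -xf /tmp/1.3.28.1-PK63273.aix.tar
```

cksum is a CRC, so a match shows the download is not corrupted; it does not authenticate the archive, which still has to come from a trusted source.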