Apache /tmp File Race Vulnerability

Bugtraq ID:	2182
Class:	Race Condition Error
CVE:	CVE-2001-0131
Remote:	No
Local:	Yes
Published:	Jan 10 2001 12:00AM
Updated:	Jul 11 2009 04:46AM
Credit:	This vulnerability was announced by Greg KH <[email protected]> on January 10, 2001 via Bugtraq.
Vulnerable:	Wirex Immunix OS 7.0 -Beta Redhat Linux 7.0 Apache Apache 2.0 a9 Apache Apache 2.0 Apache Apache 1.3.14 + EnGarde Secure Linux 1.0.1 - MandrakeSoft Single Network Firewall 7.2 + Mandriva Linux Mandrake 7.2 + Mandriva Linux Mandrake 7.1 + SGI IRIX 6.5.11 + SGI IRIX 6.5.10 + SGI IRIX 6.5.9 + SGI IRIX 6.5.8 + SGI IRIX 6.5.7 + SGI IRIX 6.5.6 + SGI IRIX 6.5.5 + SGI IRIX 6.5.4 + SGI IRIX 6.5.3 + SGI IRIX 6.5.2 + SGI IRIX 6.5.1 + SGI IRIX 6.5 Apache Apache 1.3.12 + NetScreen NetScreen-Global PRO Express Policy Manager Server + NetScreen NetScreen-Global PRO Policy Manager Server + OpenBSD OpenBSD 2.8 + Redhat Linux 7.0 i386 + Redhat Linux 7.0 alpha + Redhat Linux 6.2 sparc + Redhat Linux 6.2 i386 + Redhat Linux 6.2 alpha + Sun Cobalt ManageRaQ v2 3599BD + Sun Cobalt Qube3 4000WG + Sun Cobalt RaQ XTR 3500R + Sun Cobalt RaQ4 3001R + SuSE Linux 7.0 sparc + SuSE Linux 7.0 Apache Apache 1.3.11 Apache Apache 1.3.9 + Debian Linux 2.2 sparc + Debian Linux 2.2 powerpc + Debian Linux 2.2 arm + Debian Linux 2.2 alpha + Debian Linux 2.2 68k + Debian Linux 2.2 + NetScreen NetScreen-Global PRO Express Policy Manager Server + NetScreen NetScreen-Global PRO Policy Manager Server + Sun Solaris 8_x86 + Sun Solaris 8_sparc + Sun SunOS 5.8 _x86 + Sun SunOS 5.8
Not Vulnerable:

Apache /tmp File Race Vulnerability

Solution:
Upgrades available:


Apache Apache 1.3.9

• Debian apache-common_1.3.9-14.3_alpha.deb
  http://security.debian.org/pool/updates/main/a/apache/apache-common_1. 3.9-14.3_alpha.deb


• Debian apache-common_1.3.9-14.3_arm.deb
  http://security.debian.org/pool/updates/main/a/apache/apache-common_1. 3.9-14.3_arm.deb


• Debian apache-common_1.3.9-14.3_i386.deb
  http://security.debian.org/pool/updates/main/a/apache/apache-common_1. 3.9-14.3_i386.deb


• Debian apache-common_1.3.9-14.3_m68k.deb
  http://security.debian.org/pool/updates/main/a/apache/apache-common_1. 3.9-14.3_m68k.deb


• Debian apache-common_1.3.9-14.3_powerpc.deb
  http://security.debian.org/pool/updates/main/a/apache/apache-common_1. 3.9-14.3_powerpc.deb


• Debian apache-common_1.3.9-14.3_sparc.deb
  http://security.debian.org/pool/updates/main/a/apache/apache-common_1. 3.9-14.3_sparc.deb


• Debian apache-dev_1.3.9-14.3_alpha.deb
  http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9 -14.3_alpha.deb


• Debian apache-dev_1.3.9-14.3_arm.deb
  http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9 -14.3_arm.deb


• Debian apache-dev_1.3.9-14.3_i386.deb
  http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9 -14.3_i386.deb


• Debian apache-dev_1.3.9-14.3_m68k.deb
  http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9 -14.3_m68k.deb


• Debian apache-dev_1.3.9-14.3_powerpc.deb
  http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9 -14.3_powerpc.deb


• Debian apache-dev_1.3.9-14.3_sparc.deb
  http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9 -14.3_sparc.deb


• Debian apache-doc_1.3.9-14.3_all.deb
  http://security.debian.org/pool/updates/main/a/apache/apache-doc_1.3.9 -14.3_all.deb


• Debian apache-ssl_1.3.9.13-4.2_alpha.deb
  http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1 .3.9.13-4.2_alpha.deb


• Debian apache-ssl_1.3.9.13-4.2_arm.deb
  http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1 .3.9.13-4.2_arm.deb


• Debian apache-ssl_1.3.9.13-4.2_i386.deb
  http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1 .3.9.13-4.2_i386.deb


• Debian apache-ssl_1.3.9.13-4.2_m68k.deb
  http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1 .3.9.13-4.2_m68k.deb


• Debian apache-ssl_1.3.9.13-4.2_powerpc.deb
  http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1 .3.9.13-4.2_powerpc.deb


• Debian apache-ssl_1.3.9.13-4.2_sparc.deb
  http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1 .3.9.13-4.2_sparc.deb


• Debian apache_1.3.9-14.3_alpha.deb
  http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14. 3_alpha.deb


• Debian apache_1.3.9-14.3_arm.deb
  http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14. 3_arm.deb


• Debian apache_1.3.9-14.3_i386.deb
  http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14. 3_i386.deb


• Debian apache_1.3.9-14.3_m68k.deb
  http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14. 3_m68k.deb


• Debian apache_1.3.9-14.3_powerpc.deb
  http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14. 3_powerpc.deb


• Debian apache_1.3.9-14.3_sparc.deb
  http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14. 3_sparc.deb

Wirex Immunix OS 7.0 -Beta

• Wirex 7.0 i386 apache-1.3.14-3_StackGuard_5.i386.rpm
  http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/apache-1.3.14-3 _StackGuard_5.i386.rpm


• Wirex 7.0 i386 apache-devel-1.3.14-3_StackGuard_5.i386.rpm
  http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/apache-devel-1. 3.14-3_StackGuard_5.i386.rpm


• Wirex 7.0 i386 apache-manual-1.3.14-3_StackGuard_5.i386.rpm
  http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/apache-manual-1 .3.14-3_StackGuard_5.i386.rpm


• Wirex 7.0 i386 mod_ssl-2.7.1-3_StackGuard_5.i386.rpm
  http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/mod_ssl-2.7.1-3 _StackGuard_5.i386.rpm

Apache /tmp File Race Vulnerability

References: