Apache Authentication Modules
Created 9/10/01
CAN 2001-1379
Impact
A remote attacker could execute arbitrary SQL commands
on a database or gain unauthorized access to the web server.
Background
Apache is a web server
which runs on Unix, Linux, and Windows systems. Several
different modules are available which allow Apache web servers
to authenticate users with passwords stored in various
types of databases. The password hashes are retrieved from
the database by an SQL
(Structured Query Language) statement.
The Problem
When a client attempts to authenticate to the web server,
the authentication module constructs an SQL statement designed
to retrieve the user's password hash from the database.
The query is based on the user name supplied by the client.
By embedding special characters or SQL keywords into the
user name, it could be possible for a remote attacker to
execute arbitrary SQL commands, including but not limited
to manipulating the returned password hash to gain unauthorized
access to the web server.
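The flaw described above, shown next to the parameterized form that avoids it. This is an added example, not code from any of the affected modules: Python and an in-memory SQLite database stand in for the modules' own language and databases, and the table, column and function names and the sample values are all constructed for illustration.

```python
import sqlite3

def make_db():
    """Build a constructed credential table (schema is an assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, passwd TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'HASH_OF_ALICE_PASSWORD')")
    return db

def lookup_hash_concat(db, username):
    """Flawed pattern: the client-supplied name is pasted into the SQL text,
    so quotes and keywords in it are parsed as part of the statement."""
    sql = "SELECT passwd FROM users WHERE username = '" + username + "'"
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def lookup_hash_bound(db, username):
    """Hardened pattern: the name is bound as a parameter and is only ever
    compared as data, whatever characters it contains."""
    row = db.execute(
        "SELECT passwd FROM users WHERE username = ?", (username,)
    ).fetchone()
    return row[0] if row else None

# Constructed "user name" carrying a quote and SQL keywords.
CRAFTED_NAME = "nobody' UNION SELECT 'HASH_CHOSEN_BY_CLIENT"

def concat_fails_on_apostrophe(db):
    """A harmless name with an apostrophe breaks the concatenated query,
    which is a quick sign that input reaches the SQL parser."""
    try:
        lookup_hash_concat(db, "o'brien")
    except sqlite3.OperationalError:
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    print("concat, crafted name:", lookup_hash_concat(db, CRAFTED_NAME))
    print("bound,  crafted name:", lookup_hash_bound(db, CRAFTED_NAME))
    print("concat breaks on o'brien:", concat_fails_on_apostrophe(db))
```

With the concatenated query, the hash compared against the client's password is one the client supplied; with the bound parameter, the same name simply matches no user.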
Apache web servers are affected by this vulnerability if
one of the following authentication modules is present:
- AuthPG 1.2b2
- mod_auth_mysql 1.9
- mod_auth_oracle 0.5.1
- mod_auth_pgsql 0.9.5
- mod_auth_pgsql_sys 0.9.4
Earlier versions of the above are likely to be affected
as well.
Resolutions
Recompile Apache using the latest version of the authentication
module. The following versions are known to be fixed:
Where can I read more about this?
This vulnerability was posted to
VulnWatch.