oss-sec mailing list archives

[Notification] CVE-2013-2765 mod_security: NULL pointer dereference (DoS, crash) when forceRequestBodyVariable action triggered and unknown Content-Type was used

From: Jan Lieskovsky <jlieskov () redhat com>
Date: Tue, 28 May 2013 06:14:32 -0400 (EDT)

Hello Steve, vendors,

  as brought to me by Athmane, ModSecurity upstream has release v2.7.4 version:
  [1] http://sourceforge.net/mailarchive/message.php?msg_id=30900019

correcting one security NULL pointer dereference flaw (CVE-2013-2765) - from [2]:

* Fixed Remote Null Pointer DeReference (CVE-2013-2765). When forceRequestBodyVariable
  action is triggered and a unknown Content-Type is used, mod_security will crash
  trying to manipulate msr->msc_reqbody_chunks->elts however msr->msc_reqbody_chunks
  is NULL. (Thanks Younes JAAIDI).

References:
  [2] https://raw.github.com/SpiderLabs/ModSecurity/master/CHANGES
  [3] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2765

Relevant upstream patch (seems to be the following):
[4] https://github.com/SpiderLabs/ModSecurity/commit/0840b13612a0b7ef1ce7441cf811dcfc6b463fba

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

P.S.: Thanks goes to Athmane for bringing this to our attention.

Current thread:

[Notification] CVE-2013-2765 mod_security: NULL pointer dereference (DoS, crash) when forceRequestBodyVariable action triggered and unknown Content-Type was used Jan Lieskovsky (May 28)