Solved

Redhat EL 5 Patching

Posted on 2011-09-02
Last Modified: 2012-05-12
I need to patch Apache 2.2.3 on Redhat EL 5 without having a subscription to RHN.  The patch I require is attached, and I have tried running it in several ways....

patch -s < <patch.name>
patch -p1 <patch.name>
patch -p0 <patch.name>

Most times it is run, I get a prompt for "File to patch:"

I do not know what it is asking of me.
Index: CHANGES
===================================================================
--- CHANGES	(revision 548701)
+++ CHANGES	(working copy)
@@ -1,6 +1,10 @@
                                                         -*- coding: utf-8 -*-
 Changes with Apache 2.2.5
 
+  *) SECURITY: CVE-2007-1863 (cve.mitre.org)
+     mod_cache: Prevent segmentation fault if a Cache-Control header has
+     no value [Niklas Edmundsson]
+
   *) mod_cache: Let Cache-Control max-age set the expiration of the cached
      representation if Expires is not set.  [Justin Erenkrantz]
 
Index: modules/cache/cache_util.c
===================================================================
--- modules/cache/cache_util.c	(revision 548701)
+++ modules/cache/cache_util.c	(working copy)
@@ -243,7 +243,8 @@
     age = ap_cache_current_age(info, age_c, r->request_time);
 
     /* extract s-maxage */
-    if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "s-maxage", &val)) {
+    if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "s-maxage", &val)
+        && val != NULL) {
         smaxage = apr_atoi64(val);
     }
     else {
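Review bot: The `&& val != NULL` test added on the s-maxage condition only works if ap_cache_liststr() writes `*val` on every match, and that is guaranteed solely by the `*val = NULL;` added in the last hunk of this patch. The same `val` is passed to each call in these hunks, so if the two changes are ever applied separately a valueless s-maxage would be checked against whatever `val` held before the call. Suggest setting `val = NULL` before each call or stating the dependency in a comment here. A valueless s-maxage now also drops into the `else` branch as if the directive were absent; the comment should say that this is intended.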
@@ -252,7 +253,8 @@
 
     /* extract max-age from request */
     if (!conf->ignorecachecontrol
-        && cc_req && ap_cache_liststr(r->pool, cc_req, "max-age", &val)) {
+        && cc_req && ap_cache_liststr(r->pool, cc_req, "max-age", &val)
+        && val != NULL) {
         maxage_req = apr_atoi64(val);
     }
     else {
@@ -260,7 +262,8 @@
     }
 
     /* extract max-age from response */
-    if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "max-age", &val)) {
+    if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "max-age", &val)
+        && val != NULL) {
         maxage_cresp = apr_atoi64(val);
     }
     else {
@@ -282,7 +285,20 @@
 
     /* extract max-stale */
     if (cc_req && ap_cache_liststr(r->pool, cc_req, "max-stale", &val)) {
-        maxstale = apr_atoi64(val);
+        if(val != NULL) {
+            maxstale = apr_atoi64(val);
+        }
+        else {
+            /*
+             * If no value is assigned to max-stale, then the client is willing
+             * to accept a stale response of any age (RFC2616 14.9.3). We will
+             * set it to one year in this case as this situation is somewhat
+             * similar to a "never expires" Expires header (RFC2616 14.21)
+             * which is set to a date one year from the time the response is
+             * sent in this case.
+             */
+            maxstale = APR_INT64_C(86400*365);
+        }
     }
     else {
         maxstale = 0;
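Review bot: The max-stale condition is not gated on `!conf->ignorecachecontrol`, unlike the request-side max-age and min-fresh conditions in the neighbouring hunks, so with the new `else` a bare `max-stale` sent by the client yields a one-year staleness allowance even when `conf->ignorecachecontrol` is set. Is that intended? If not, add the same `!conf->ignorecachecontrol &&` test here. Style: `if(val != NULL)` lacks the space after `if` used in the surrounding lines, and `APR_INT64_C(86400*365)` would be clearer as a named constant.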
@@ -290,7 +306,8 @@
 
     /* extract min-fresh */
     if (!conf->ignorecachecontrol
-        && cc_req && ap_cache_liststr(r->pool, cc_req, "min-fresh", &val)) {
+        && cc_req && ap_cache_liststr(r->pool, cc_req, "min-fresh", &val)
+        && val != NULL) {
         minfresh = apr_atoi64(val);
     }
     else {
@@ -419,6 +436,9 @@
                                                   next - val_start);
                         }
                     }
+                    else {
+                        *val = NULL;
+                    }
                 }
                 return 1;
             }
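Review bot: With the added `else { *val = NULL; }`, the function still reaches `return 1;` for a directive that has no value, so a true return no longer implies a usable string and every caller must test `val` before using it. That contract belongs in the function's header comment, and any caller of ap_cache_liststr() other than the five sites changed in this patch needs the same `val != NULL` check.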

Question by:the-miz
9 Comments
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 2000 total points
ID: 36472836
Take care to cd into the directory just above "modules/cache/..." and run patch using the "-p 0" flag.

wmp
0
 

Author Comment

by:the-miz
ID: 36473725
Where is the modules/cache directory?
0
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 2000 total points
ID: 36473809
Issue "httpd -V" and look for "HTTPD_ROOT".

cd to the directory shown and issue

find . -type d -name modules

cd to the found directory, then issue

cd ..

and you'll be there.

wmp
0
 

Author Comment

by:the-miz
ID: 36473919
running find, does not find modules :(
0
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 2000 total points
ID: 36475050
The file to be patched is "cache_util.c"

Search for this file from the top level with

find / -type f -name "cache_util.c" 2>/dev/null

If it's found, cd to the directory it's in and run patch without any "-p" parameter, like:

patch < /path/to/patchfile

"patchfile" is the file whose content you posted in your Q!

If "cache_util.c" is not found on your machine there is nothing you could patch!

wmp
0
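
As an added example (not part of the thread or any poster's code): a POSIX shell helper that reports which `patch -pN` strip level makes every file named in a patch resolve under a directory, which is the lookup that has failed when patch asks "File to patch:". The function names and the sample tree are constructed for illustration.

```shell
# Added example: which `patch -pN` level fits a patch in a given directory?

# Print the target paths from the "+++ path<TAB>label" header lines.
patch_targets() {
    awk '/^--- / { hdr = 1; next }
         hdr && /^[+][+][+] / { sub(/^[+][+][+] /, ""); sub(/\t.*$/, ""); print }
         { hdr = 0 }' "$1"
}

# Drop the first N leading path components, as `patch -pN` does.
strip_components() {
    p=$1; n=$2
    while [ "$n" -gt 0 ]; do
        case $p in */*) p=${p#*/} ;; *) return 1 ;; esac
        n=$((n - 1))
    done
    printf '%s\n' "$p"
}

# Print the lowest N (0..4) at which every target exists under DIR.
# Returns 1 if none fits: wrong directory, or no source tree installed.
find_strip_level() {
    patchfile=$1; dir=$2
    targets=$(patch_targets "$patchfile")
    [ -n "$targets" ] || return 2
    for n in 0 1 2 3 4; do
        ok=1
        for t in $targets; do   # assumes paths without whitespace
            rel=$(strip_components "$t" "$n") && [ -f "$dir/$rel" ] || { ok=0; break; }
        done
        if [ "$ok" -eq 1 ]; then echo "$n"; return 0; fi
    done
    return 1
}

# Constructed sample: a source tree and an "Index:"-style patch header.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/httpd-src/modules/cache"
    : > "$d/httpd-src/CHANGES"
    : > "$d/httpd-src/modules/cache/cache_util.c"
    printf -- '--- CHANGES\t(revision 1)\n+++ CHANGES\t(working copy)\n' > "$d/sample.patch"
    printf -- '--- modules/cache/cache_util.c\t(revision 1)\n+++ modules/cache/cache_util.c\t(working copy)\n' >> "$d/sample.patch"
    echo "$d"
}

d=$(make_sample)
echo "in source root: -p$(find_strip_level "$d/sample.patch" "$d/httpd-src")"
find_strip_level "$d/sample.patch" "$d" || echo "in parent dir: no level fits"
rm -rf "$d"
```

GNU patch's `--dry-run` option then tests the chosen level against the real hunks without modifying any file.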
 

Author Comment

by:the-miz
ID: 36475112
Not found, guess it's not installed.  I guess what this comes down to is we need to become PCI Compliant with Security Metrics and they sent me the following issue:

Description: vulnerable Apache version: 2.2.3
rrcs-24-103-167-154.nys.biz.rr.com 24.103.167.154 Red Hat Sep 01 16:33:11 2011 new
Severity: Area of Concern
CVE: CVE-2006-4110 CVE-2006-5752 CVE-2007-1863 CVE-2007-3303 CVE-2007-3304 CVE-2007-4465 CVE-2007-5000 CVE-2007-6388 CVE-2007-6420 CVE-2007-6421 CVE-2007-6422 CVE-2008-0005 CVE-2008-0455 CVE-2008-0456 CVE-2009-1195 CVE-2009-1891 CVE-2009-2412 CVE-2010-0425 CVE-2010-0434 CVE-2010-1452 CVE-2010-1623 CVE-2011-0419 CVE-2011-1928
10.010new11
Impact: A remote attacker could crash the web server or execute arbitrary commands.
Background: Apache is a web server which runs on Unix, Linux, Mac OS and Windows systems. Apache web servers support chunked encoding, which is part of the HTTP protocol specification. Chunked encoding is used by a web client to send data to the server in parts, or chunks. After a chunk is received, the server indicates that it is ready to receive the next chunk, until all of the data has been received.
Resolution [http://httpd.apache.org/download.cgi] Upgrade Apache 1.x to version 1.3.41-dev or higher, 2.0.x to version 2.0.64-dev or higher when available, or a version higher than 2.2.18. Patches for the mod_cache DoS can be applied for [http://people.apache.org/~mjc/cve-2007-1863-2.0.patch] 2.0 or [http://people.apache.org/~mjc/cve-2007-1863-2.2.patch] 2.2. Alternatively, apply a fix from your operating system vendor.
Vulnerability Details: Service: http Received: Server: Apache/2.2.3 (Red Hat)

Not sure you can help me.
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 36475242
No, sorry.

What I can tell you is that you can't patch a file which is not there.

On the other hand - when the stated vulnerability is in mod_cache, and you don't have mod_cache on your system there's also no vulnerability.

Are you aware that you would have had to recompile Apache if you had been able to apply the patch?

I'd really suggest upgrading Apache to the newest 2.2.x version anyway.

wmp
0
 

Author Comment

by:the-miz
ID: 36475268
I checked out apache.org and they only have version 2.2.0 with a bunch of patches up to 2.2.9, which is a bit confusing to me.  I'm running RHEL 5.6 as well.
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 36475324
Meanwhile I assume that you didn't compile Apache on your own but that you're running a precompiled version.

You can't patch such a thing with a source patch like the one shown.

Of course you could go with compiling Apache on your own - do you have the required GCC compiler installed?

If you don't you'll have to procure the newest RedHat RPM version of Apache - which is a bit difficult without a subscription, that's true.

I fear I will not be able to help you further here.


wmp
0
